A ransomware attack affecting human resources services company Ultimate Kronos Group has raised fears that paychecks could be affected right in the midst of the holiday season.

UKG discovered the attack Saturday after identifying unusual activity in a private cloud product used by four of its subsidiaries: Workforce Central, UKG TeleStaff, Healthcare Extensions and Banking Scheduling Solutions.

The company says the rest of its IT stack remains unaffected by the breach but has taken the private cloud offline while cyber security works to find a resolution.

HR teams reliant on UKG Private Cloud may be waiting several weeks before access is restored, raising the prospect of disrupted employee systems over Christmas.

In an update issued Dec. 14, the company confirmed that its disaster recovery protocols were temporarily unavailable due to the incident’s “malicious nature.”

A further incident update was expected on Dec. 15. UKG said it’s investigating a potential link to the Log4j vulnerability, a flaw in the Apache debugging library that’s reportedly employed by major tech platforms including CloudFlare, LinkedIn and YouTube.

While UKG said its cybersecurity team issued a rapid patch update to counteract Log4j, it’s continuing to investigate the possibility that attackers used it to gain access.

“We are working with leading cyber security experts to assess and resolve the situation, and have notified the authorities,” Bob Hughes, executive vice president for UKG, said in a post on the company’s website, “The investigation remains ongoing, as we work to determine the nature and scope of the incident.”