What can we learn from McMenamins Data Breach?Ransomeware and its impact.
On December 12, 2021, McMenamins suffered a ransomware attack. As soon as we realized what was happening, we blocked access to our systems to contain the attack that day. It appears that cybercriminals gained access to company systems beginning on December 7 and through the launch of the ransomware attack on December 12. During this time, they installed malicious software on the company’s computer systems that prevented us from using or accessing the information they contain.
Which Employees Were Affected and What Information Was Involved
We have determined that the hackers stole certain business records, including human resources/payroll data files for at least some individuals who were previously employed by McMenamins between January 1, 1998 and June 30, 2010. We have not been able to recover these files or contact information for these previous employees. Out of abundance of caution and for the purposes of providing this notice and credit monitoring support, we are assuming that all previous employees during this time period were potentially affected.
In addition, the hackers stole the same type of human resources files for persons employed by McMenamins between July 1, 2010 and December 12, 2021. Because we were able to recover the contact information for these individuals, McMenamins mailed to them individual notices containing the same general information about the incident and individual information for enrolling in identity and credit monitoring and protection services.
The affected files potentially contained the following categories of personal information for all potentially affected current and past employees: name, address, telephone number, email address, date of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security number, health insurance plan election, income amount, and retirement contribution amounts. Although it is possible that the hackers accessed or took records with direct-deposit bank account information, we do not have any indication that they did, in fact, do so.
What McMenamins Is Doing
McMenamins is investigating the attack and working to get business back online. We notified the FBI and are cooperating with their efforts. We are working with an experienced cybersecurity investigation firm to understand the attack, restore our systems, and enhance our security. We have notified the Attorney Generals of Oregon and Washington, major credit reporting bureaus, and the news media.