What can we learn from McMenamins Data Breach?Ransomeware and its impact.

From McMenamins.com

What Happened

On December 12, 2021, McMenamins suffered a ransomware attack. As soon as we realized what was happening, we blocked access to our systems to contain the attack that day. It appears that cybercriminals gained access to company systems beginning on December 7 and through the launch of the ransomware attack on December 12. During this time, they installed malicious software on the company’s computer systems that prevented us from using or accessing the information they contain.

Which Employees Were Affected and What Information Was Involved

We have determined that the hackers stole certain business records, including human resources/payroll data files for at least some individuals who were previously employed by McMenamins between January 1, 1998 and June 30, 2010. We have not been able to recover these files or contact information for these previous employees. Out of abundance of caution and for the purposes of providing this notice and credit monitoring support, we are assuming that all previous employees during this time period were potentially affected.

In addition, the hackers stole the same type of human resources files for persons employed by McMenamins between July 1, 2010 and December 12, 2021. Because we were able to recover the contact information for these individuals, McMenamins mailed to them individual notices containing the same general information about the incident and individual information for enrolling in identity and credit monitoring and protection services.

The affected files potentially contained the following categories of personal information for all potentially affected current and past employees: name, address, telephone number, email address, date of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security number, health insurance plan election, income amount, and retirement contribution amounts. Although it is possible that the hackers accessed or took records with direct-deposit bank account information, we do not have any indication that they did, in fact, do so.

What McMenamins Is Doing

McMenamins is investigating the attack and working to get business back online. We notified the FBI and are cooperating with their efforts. We are working with an experienced cybersecurity investigation firm to understand the attack, restore our systems, and enhance our security. We have notified the Attorney Generals of Oregon and Washington, major credit reporting bureaus, and the news media.

I went to McMenamins Edgefield for a meeting and stayed the night on January 3rd. I ate in the Black Rabbit Restaurant and had lunch the next day in the Power Station Pub. One thing I noticed was that they had to revert to manual paper based systems for everything. Hotel Check in, Food Orders etc. They even had to run the ticket back to the kitchen. Can you imagine your business being “down” electronically for weeks? Email, Hotel Reservations, Point of Sale systems were all down. I’m sharing this in hopes we can all learn from it. It’s not “if” the hackers get in and cause harm to our businesses, it’s “when”. Even though I felt bad for the employees having to revert to manual systems, I’m impressed with the company’s response and ability to find a way through this crisis.

Jim Teece