Massive McMenamins Data Breach Left 12 Years Of Employee Records Exposed

The Pacific Northwest chain still hasn’t fully recovered from a crippling December 12 attack. The company confirmed that a significant amount of employee data was exposed in the data breach.

Ransomware Attack Ended With A Jaw-Dropping Data Breach

A devastating ransomware attack hit the McMenamins hospitality and dining chain and resulted in a monumental data breach exposing 12 years of employee data, which the organization has officially confirmed.

The incident happened earlier in December 2021, and some believe the Conti ransomware group was behind it. It shook the Pacific Northwest empire to the core, forcing it to shut down several operations.

Recently, McMenamins confirmed that the perpetrators managed to exfiltrate a large volume of confidential records belonging to employees who worked for the company between January 1, 1998, and June 30, 2010. The stolen data covers names, addresses, phone numbers, email addresses, dates of birth, race, ethnicity, gender, medical notes, Social Security numbers, disability status, health insurance data, salaries, and retirement contribution amounts.

Scammers can use the data trove for personalized phishing attacks, other social-engineering scams, and even identity theft.

“It’s possible that the thieves accessed files containing direct-deposit bank account information as well, but McMenamins does not have a clear indication they did so,” the company stated in a December 30 notice.

On a brighter note, McMenamins said that no customer data was compromised.

“We’re devastated our people need to do so, but we’re urging them to vigilantly monitor their accounts and healthcare information for anything unusual,” said Brian McMenamin, one of the brothers who own the business, in a press statement. “They should immediately notify their financial institutions or health providers if they see anything out of sort. They should sign up immediately for free monitoring and identity-theft protection. All the information is on our website, and we encourage them to call with any questions.”

The chain also said that it is providing its past and current workers with identity and credit protection services, along with a dedicated call center where they can find out more about the attack. In addition, all affected employees were notified of the incident.

Still Recovering From The Ransomware Attack

The attack forced the company to shut down its IT systems, credit-card point-of-sale systems, and corporate email to keep the attack from spreading further. Three weeks later, the chain still hasn’t fully recovered, and its operations have not been restored: core functions such as the central phone system, email, credit card processing, hotel-reservation system, and gift-card processing are still down.

Currently, the company is asking potential customers to delay their bookings or call locations directly, and it’s using the third-party Dinerware point-of-sale system for credit cards.

“It is unknown when the issue will be resolved and systems back up and running,” the organization said. “Given the impacts to the company’s email system, email responses are delayed.”

Brian McMenamin also said the attack’s aftermath “is especially disheartening” given its timing after the “strain and hardship” McMenamins’ employees have gone through over the past two years of the COVID-19 pandemic.

The organization has reported the breach to the FBI and is working with professionals to find the culprit and resolve the incident.

ATTACK Simulator’s Security Awareness Training program will help you equip your employees with the necessary security knowledge and up-to-date security practices to keep your company safe from scammers and avoid potentially irreparable damage.

Put your employees to the test with our free security awareness training trial and find out where you stand against a phishing attack!

Sources:

Threatpost: McMenamins Data Breach Affects 12 Years of Employee Info

BusinessWire: McMenamins Confirms Employee Data Compromised in Ransomware Attack, Offers ID Protection & Credit Monitoring Services

Attribution:

Photo by Patrick Tomasso on Unsplash
