Ransomware Attack Leads to Data Breach at Hospitality Chain McMenamins

Hospitality chain McMenamins suffered a data breach following a Dec. 12 ransomware attack, the chain said in a notice on its website last week. The perpetrators stole business records, such as payroll and human resources data files for certain employees hired between the start of 1998 and June 30, 2010.

The company has been unable to recover files or contact information for the employees. Attackers also stole HR and payroll data for individuals employed by McMenamins between July 1, 2010, and Dec. 12, 2021.

The stolen employee data may have contained ”name, address, telephone number, email address, date of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security number, health insurance plan election, income amount, and retirement contribution amounts,” the company said. “Although it is possible that the hackers accessed or took records with direct-deposit bank account information, we do not have any indication that they did, in fact, do so.”

On Dec. 12, a Conti ransomware attack hit McMenamins breweries and temporarily disrupted the company’s operations over the weekend. As a result, several systems including servers, workstations, and POS (point-of-sale) were encrypted.

Apparently, the threat actors gained unauthorized access to the company’s systems starting Dec. 7 and pulled the trigger on the ransomware attack during the weekend, on Dec. 12.

During the attack, perpetrators deployed malware on the compromised systems to prevent employees from trying to access or use company resources.

In response to the data breach, the company is providing a 12-month membership of an identity detection and identity theft resolution service to its employees. The service is meant to help employees check credit reports and monitor credits, as well as restore their identity in credit and non-credit fraud incidents.