A cyber-attack on American hospitality chain McMenamins may have exposed data belonging to its current and former employees.
The business, which owns and operates brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington, issued a data breach notice after suffering a ransomware attack.
Suspicious activity was identified in the company’s computer network on December 12.
“As soon as we realized what was happening, we blocked access to our systems to contain the attack that day,” states McMenamins in a data breach notice updated on December 30.
“It appears that cybercriminals gained access to company systems beginning on December 7 and through the launch of the ransomware attack on December 12.”
The company went on to say that the installation of malicious software on its computer systems prevented staff from accessing company files and data.
An investigation into the security incident has determined that the perpetrators “stole certain business records,” including payroll data and human resources files, “for at least some individuals” who worked for McMenamins between January 1, 1998, and June 30, 2010.
McMenamins said: “We have not been able to recover these files or contact information for these previous employees. Out of abundance of caution and for the purposes of providing this notice and credit monitoring support, we are assuming that all previous employees during this time period were potentially affected.”
The unidentified ransomware gang behind the attack also stole human resources files containing the personal data of individuals employed by McMenamins between July 1, 2010, and December 12, 2021.
The affected files potentially contained employees’ names, addresses, telephone numbers, email addresses, dates of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution amounts.
McMenamins said it is working with the Federal Bureau of Investigation and an “experienced cybersecurity investigation firm” to gauge the full extent of the attack, restore its systems, and improve its security.
Identity theft and credit monitoring and protection services are being provided free of charge to all current and previous employees of McMenamins who worked for the company between January 1, 1998, and December 12, 2021.