McMenamins Ransomware Attack Breached Employee Records Going Back 23 Years

Posted

McMenamins employees who haven’t worked at the hotel and brewpub chain since the Clinton administration had personal information accessed during a ransomware attack last month, according to the Portland company.

The attack breached current employee records and accessed former employees’ information as far back as 1998. McMenamins told the Oregon Department of Justice it has notified 14,861 current and former employees in Oregon but said the total number of personnel records accessed during the attack could top 30,000.

Cybercriminals potentially accessed employee names, Social Security numbers, addresses, phone numbers, email addresses, birth dates, income information, and performance and disciplinary records, according to McMenamins.

The company said it’s “possible” thieves have accessed direct deposit information, including bank account numbers, but McMenamins said it can’t say for sure whether that happened.

While the chain has notified employees who worked for McMenamins since 2010 about the breach, it says it doesn’t have contact information for employees who worked at the company between 1998 and 2010, so it’s set up a webpage providing information for them. The company said the total number of employees in that category could be as high as 20,000.

“We’re devastated our people need to do so, but we’re urging them to vigilantly monitor their accounts and healthcare information for anything unusual,” Brian McMenamin, a member of the family that owns the chain, said in a statement last week.

The chain reiterated that it doesn’t believe hackers accessed customer financial data, which is on a separate system from the one breached last month.

McMenamins has 62 hotels, theaters, bars and restaurants in Oregon and Washington. The company employs 2,700.

McMenamins said it believes hackers breached its systems beginning Dec. 7 and had access until the company discovered the attack on Dec. 12. The company previously said that it had not paid any ransom.

The attack disrupted the company’s phones, credit card processing and hotel reservations, but all its locations have remained open. Many systems remain offline, though, and McMenamins said doesn’t know when it will have all systems restored.

Hotel guests have reported confusion and frustration over their reservations. McMenamins suggests its hotel guests should call properties directly for information on their bookings.

McMenamins is providing credit monitoring and protection services to current and former employees, but if hackers accessed birth dates, names and Social Security numbers, then personal financial information could be at risk indefinitely.

Online sleuths link the McMenamins attack to a shadowy criminal organization called Conti. Federal law enforcement warned in September that Conti had struck more than 400 organizations in the U.S. and account the world at that point.

Update: This article has been updated with information on the total number of current and former McMenamins employees potentially affected by the breach.