McMenamins hit by ransomware attack; chain says customer data appears secure but employee info at risk

Portland hotel and brewpub chain McMenamins has been hit by a ransomware attack that left many of its computer systems inoperable. Intruders may have accessed some of its employee records, the company said Wednesday night, but appear to have left customer data untouched.

McMenamins said it identified and blocked the attack on Sunday. The chain didn’t say whether it paid any ransom but did indicate the attack disrupted some systems and operations, though all its locations are currently open.

The Portland company operates 56 hotels, movie theaters, bars and restaurants in the Northwest, mostly along the Interstate 5 corridor from Eugene to Seattle. Many of its sites are in restored schools, hotels, lodges and theaters.

“Cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information,” McMenamins said in an announcement Wednesday night. “The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and full scope of the attack.”

In ransomware attacks, cyberthieves typically take over an organization’s computer systems, blocking access or threatening to release private information unless they receive a ransom payment.

McMenamins said all its properties remain open but the attack took corporate email and credit card scanners offline, forcing the company to resort to alternative payment systems. The chain said a separate payment processing service manages customer payment information and said there is “no indication” the attack breached those systems.

Employee data, though, “may have been compromised.” Those records potentially include workers’ names, addresses, email addresses, phone numbers, birthdays, Social Security numbers and bank account information.

McMenamins said it will offer identity protection services to employees as it works to determine the scope of the attack. The company had 3,000 employees at the pandemic’s outset; it didn’t immediately respond Wednesday night to inquiries about the current size of its workforce.

“What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years,” said Brian McMenamin, a member of the family that owns the company. “We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach. We are hopeful that this holiday season will mark a positive turning point for all of us and appreciate the patience and understanding of our loyal customers and partners.”

Companies large and small this week are scrambling to respond to a vulnerability in the Apache logging package log4j, an obscure piece of software that’s nonetheless ubiquitous in all manner of corporate computer systems and internet-enabled devices. The so-called zero-day vulnerability is especially alarming because it was publicly exposed before a software fix was widely available.

It’s not clear whether the McMenamins attack was connected to that vulnerability.

Hacks into corporate systems and ransomware attacks have grown increasingly prevalent over the past few years, often attributed to cybercriminals working overseas. That makes it especially difficult for authorities to investigate such intrusions and hold thieves accountable.

Notable Oregon attacks include a breach of Burgerville’s payment systems in 2019 and a hack of children’s clothing retailer Hanna Andersson reported in 2020.

Such intrusions rarely result in widespread losses for customers but do place individual customers at heightened risk of fraud. And the attacks can produce expensive disruptions for businesses, especially small ones without the knowledge or resources to effectively guard against intrusions or recover afterwards.

— Mike Rogoway | Twitter: @rogoway
