Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12.
McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington.
According to the company, threat actors have stolen data of individuals employed between July 1, 2010, and December 12, 2021.
Stolen employees’ data potentially included names, addresses, telephone numbers, email addresses, dates of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security numbers, health insurance plan elections, income amounts, and retirement contribution amounts.
According to the company, threat actors likely accessed files containing direct deposit bank account information.
McMenamins properties remain open despite the security breach, however, many operational systems, including its phone system, credit card processing and hotel reservation system, were impacted by the ransomware attack.
The good news is that customer financial data was not affected.
“Many operational systems, including its phone system, credit card processing and hotel reservation system, were affected. Guests are being thanked for their patience and asked to call the property directly for information on bookings, and to wait until the new year for later bookings. All McMenamins locations are securely accepting credit cards through the Dinerware, an on-site point of sale system. Gift card purchases and redemptions are impacted at some properties, but the online store at www.shopmcmenamins.com remains operational. Customers are encouraged to make gift card purchases online for the time being.” concludes the data breach notification. “It is unknown when the issue will be resolved and systems back up and running. Given the impacts to the company’s email system, email responses are delayed.”
Follow me on Twitter: @securityaffairs and Facebook
[adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
Nation-state actor UAT4356 has been exploiting two zero-days in ASA and FTD firewalls since November…
A malware campaign has been exploiting the updating mechanism of the eScan antivirus to distribute…
The Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned four Iranian nationals for their…
A cyber attack on Leicester City Council resulted in certain street lights remaining illuminated all…
The National Police Agency in South Korea warns that North Korea-linked threat actors are targeting…
The U.S. Department of State imposed visa restrictions on 13 individuals allegedly linked to the…
This website uses cookies.