McMenamins hit by ransomware attack; chain says customer data appears secure but employee info at risk - oregonlive.com

Updated: Dec. 16, 2021, 1:16 p.m. | Published: Dec. 15, 2021, 8:41 p.m.
The Portland company operates 56 hotels, movie theaters, bars and restaurants in the Northwest, many of them in restored schools, hotels, lodges and theaters. Dave Killen/The Oregonian

By Mike Rogoway | The Oregonian/OregonLive
Portland hotel and brewpub chain McMenamins has been hit by a ransomware attack that left many of its computer systems inoperable. Intruders may have accessed some of its employee records, the company said Wednesday night, but appear to have left customer data untouched.

McMenamins said it identified and blocked the attack on Sunday. In a statement Thursday, the chain said it hasn’t paid any ransom and declined to disclose any details about the hackers’ demands.


In ransomware attacks, cyberthieves typically take over an organization’s computer systems, blocking access or threatening to release private information unless they receive a ransom payment.

No locations closed because of the attack, but McMenamins said the intrusion took down its online reservation system. It is taking hotel reservations by phone but can’t quote room rates or book specific room types. It’s also unable to redeem gift cards at most locations.

The Portland company operates 56 hotels, movie theaters, bars and restaurants in the Northwest, mostly along the Interstate 5 corridor from Eugene to Seattle. Many of its sites are in restored schools, hotels, lodges and theaters.

“Cybercriminals deployed malicious software that locked the company’s systems and prevented access to critical information,” McMenamins said in an announcement Wednesday night. “The family-owned company has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and full scope of the attack.”

McMenamins said the attack took corporate email and credit card scanners offline, forcing the company to resort to alternative payment systems. The chain said a separate payment processing service manages customer payment information and said there is “no indication” the attack breached those systems.

Employee data, though, “may have been compromised.” Those records potentially include workers’ names, addresses, email addresses, phone numbers, birthdays, Social Security numbers and bank account information.

McMenamins said it will offer identity protection services to employees as it works to determine the scope of the attack. The company employs 2,700, down from 3,000 before the pandemic.

“What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years,” said Brian McMenamin, a member of the family that owns the company. “We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach. We are hopeful that this holiday season will mark a positive turning point for all of us and appreciate the patience and understanding of our loyal customers and partners.”

Companies large and small this week are scrambling to respond to a vulnerability in the Apache logging package log4j, an obscure piece of software that’s nonetheless ubiquitous in all manner of corporate computer systems and internet-enabled devices. The so-called zero-day vulnerability is especially alarming because it was publicly exposed before a software fix was widely available.

It’s not clear whether the McMenamins attack was connected to that vulnerability.

Hacks into corporate systems and ransomware attacks have grown increasingly prevalent over the past few years, often attributed to cybercriminals working overseas. That makes it especially difficult for authorities to investigate such intrusions and hold thieves accountable.

Notable Oregon attacks include a breach of Burgerville’s payment systems in 2019 and a hack of children’s clothing retailer Hanna Andersson reported in 2020.

Such intrusions rarely result in widespread losses for customers but do place individual customers at heightened risk of fraud. And the attacks can produce expensive disruptions for businesses, especially small ones without the knowledge or resources to effectively guard against intrusions or recover afterwards.