McMenamins affected by ransomware attack; chain claims customer data seems secure but employee information is at risk


Portland’s McMenamins hotel and brewery chain was hit by a ransomware attack that left several of its computer systems inoperative. Intruders may have accessed some of its employee records, the company said Wednesday evening, but appear to have left customer data intact.

McMenamins said it identified and blocked the attack on Sunday. The chain did not say whether it paid a ransom, but said the attack disrupted some systems and operations, although all of its locations are currently open.

The Portland-based company operates 56 hotels, theaters, bars and restaurants in the Northwest, primarily along the Interstate 5 corridor from Eugene to Seattle. Many of its sites are in restored schools, hotels, lodges and theaters.

“Cyber criminals deployed malware that locked down company systems and prevented access to critical information,” McMenamins said in an announcement Wednesday night. “The family business has reported the incident to the FBI and is also working with a cybersecurity firm to identify the source and extent of the attack.”

In ransomware attacks, cyber thieves typically take control of an organization’s computer systems, blocking access or threatening to disclose private information unless they receive a ransom payment.

McMenamins said all of its properties remained open, but the attack took email and credit card scanners offline, forcing the company to resort to alternative payment systems. The chain said that a separate payment processing service manages customers’ payment information and said there was “no indication” the attack breached those systems.

Employee data, however, “may have been compromised.” These records potentially include workers’ names, addresses, email addresses, phone numbers, birthdays, social security numbers, and banking information.

McMenamins said it will offer identity protection services to employees as it works to determine the extent of the attack. The company had 3,000 employees at the start of the pandemic; it did not immediately respond to inquiries about the current size of its workforce on Wednesday evening.

“What makes this violation especially disheartening is that it adds further to the strain and hardship our employees have endured over the past two years,” said Brian McMenamin, a family member who owns the business. “We ask our customers to grant our employees an additional grace as we make temporary adjustments to the way we process transactions and reservations, given the impacts on our systems of this breach. We hope this holiday season marks a positive turning point for all of us and appreciate the patience and understanding of our loyal customers and partners.”

This week, businesses large and small are scrambling to respond to a vulnerability in the Apache log4j logging package, obscure software that is nonetheless ubiquitous in all manner of corporate computer systems and internet-connected devices. The so-called zero-day vulnerability is particularly alarming because it was exposed publicly before a software patch became widely available.

It is not clear whether the McMenamins attack was related to this vulnerability.

Hacking into corporate systems and ransomware attacks have become more and more frequent in recent years, often attributed to cybercriminals working overseas. This makes it particularly difficult for authorities to investigate such intrusions and hold thieves to account.

Notable attacks in Oregon include a breach of Burgerville’s payment systems in 2019 and a hack into children’s clothing retailer Hanna Andersson reported in 2020.

Such intrusions rarely result in widespread losses for customers, but they put individual customers at increased risk of fraud. And attacks can produce costly disruption for businesses, especially small businesses without the knowledge or resources to effectively protect against intrusions or recover afterwards.

– Mike Rogoway | Twitter: @rogoway

