PORTLAND, Ore. — Portland hotel and brewpub chain McMenamins was hit with a ransomware attack that may have compromised employees' personal information, but no customer payment information appears to have been impacted, the company said Wednesday.
A ransomware attack occurs when a cybercriminal deploys malicious software to block access to a company's computer system. The system is supposed to remain blocked until a fee is paid to the attacker.
McMenamins said the ransomware attack was identified and blocked on Dec. 12. The company said it notified the FBI and hired a cybersecurity firm to identify the source and full scope of the attack.
In a news release, the company said it's possible that employee data such as names, addresses, dates of birth, Social Security numbers, direct deposit bank account information and benefits records may have been obtained, but "it is not currently known whether that is the case."
"To provide employees with peace of mind, McMenamins will be offering employees identity and credit protection services, as well as a dedicated help line through Experian," the company said.
The company said there is "no indication" that customer payment data was compromised.
"A payment processing service manages the collection of such information. Further, this information is not stored on company computer systems impacted by the attack," the company said.
Many operational systems, including credit card scanners, have been taken offline, requiring temporary changes in payment processing at some McMenamins locations.
“What makes this breach especially disheartening is that it further adds to the strain and hardship our employees have been through in the past two years,” said co-owner Brian McMenamin. “We ask that our customers give our employees extra grace as we make temporary adjustments in the way we process transactions and reservations, given the impacts to our systems by this breach.”
The company said it's unknown when the issue will be resolved and systems back up and running.
Kerry Tomlinson, a cyber news reporter at Ampere News, said there are a few things companies can do to help prevent these attacks.
"As a business you need to have backups," Tomlinson said. "If ransomware hits and they're demanding ransom for you get your files back, you can say thanks a lot but I already have backups."
Tomlinson said employees need to be extra cautious to help prevent cyber attacks by avoiding suspicious emails, creating different passwords for each website used and using a multi-factor authentication step to add an extra layer of security.
"It will happen more and more," Tomlinson said. "It's only going to get bigger. If you're not paying attention now, you need to pay attention."
All McMenamins locations remain open despite the breach.