
McMenamins Ransomware Attack Compromises Employee PII Class Action

At the end of 2021, McMenamins, Inc. suffered a ransomware attack on its systems, exposing the personally identifiable information (PII) of uncounted current and former employees. This class action alleges that the company failed to take reasonable precautions in protecting and safeguarding employee information.

The class for this action is all persons throughout the US whose private information was exposed in the data breach discovered in or around December 2021, whose information was entered on McMenamins systems, and who were sent notices of the data breach (employed at McMenamins between July 30, 2010 and December 12, 2021); and all persons throughout the US whose private information was exposed in the data breach discovered in or around December 2021, whose information was entered on McMenamins systems, and who were affected but did not receive a notice (employed at McMenamins between January 1, 1998 and June 30, 2010).

McMenamins is a company in Portland, Oregon that runs establishments such as historic hotels, movie theaters, breweries, pubs, and theater pubs. It has thousands of current and former employees in both Oregon and Washington.

The information McMenamins stores on employees includes names, addresses, dates of birth, Social Security numbers, health insurance information, and direct deposit bank account information.

The Notice of Data Breach sent around by McMenamins speculated that cybercriminals had gained access to the company’s computer systems around December 7, 2021 and launched a ransomware attack on December 12. They installed malware in the system which prevented McMenamins from accessing or using the information stored there.

Among other things, the hackers stole information for people who had been employed at the company between January 1, 1998 and June 30, 2010. The Notice stated, “We have not been able to recover these files or contact information for these previous employees.” The company had therefore been unable to send them Notices. The hackers also stole files related to those who were employees between July 1, 2010 and December 12, 2021. These later employees were sent Notices.

McMenamins has offered all potentially affected current and former employees a twelve-month membership in Experian’s IdentityWorks℠.

The complaint alleges that McMenamins was late in sending out the Notices and has failed to provide basic information about the attack, such as how many people were affected, whether the stolen information was encrypted, and how it learned of the data breach. The complaint also claims that the company has been unable to assure employees as to whether all the data accessed has been recovered or destroyed.

The counts include negligence, breach of contract and breach of implied contract, breach of fiduciary duty, and violations of the Washington Consumer Protection Act.

Article Type: Lawsuit
Topic: Privacy

Most Recent Case Event

McMenamins Ransomware Attack Compromises Employee PII Complaint

January 28, 2022

Tags: Exposing Private Information, Exposure to cyber crime, Your Privacy