Posted On January 28, 2022 Consumer Privacy & Data Breaches
January 28, 2022 – Recently, McMenamins, Inc. announced that the personal information of approximately 20,504 former employees was compromised in a data breach. Our data breach attorneys are investigating this cybersecurity incident to determine if consumers could have the grounds for a data breach class action lawsuit.
The company recently reported that, on December 12, 2021, an unauthorized party gained access to certain files on its servers. A subsequent investigation revealed that the files may have contained the following information pertaining to individuals previously employed by the company between July 1, 2010, and December 11, 2021:
According to reports, McMenamins, Inc. does not know which individuals’ information was actually accessed and cannot confirm that the unauthorized party retained any of the information.
However, anyone in receipt of a McMenamins, Inc. data breach notification letter may now face an increased risk of identity theft and other financial losses. Attorneys are now investigating this recent cybersecurity incident to determine whether the company took the necessary steps to keep your data secure and whether those impacted by the breach can pursue a class action lawsuit.
A data breach occurs when a hacker or other unauthorized party secretly gains access to sensitive consumer information stored on a company’s servers through some kind of cyberattack. Once a hacker obtains consumer data, they may use the information to commit identity theft or for other criminal purposes. Sometimes hackers will sell the data they obtain through a cyberattack to the highest bidder.
No one can tell with certainty why a hacker targeted your data in a data breach or what they plan to do with it, but the fact that your sensitive information is in the hands of an unauthorized party puts you at a greater risk of identity theft.
As consumers, we all provide personal data to companies for a variety of reasons. We trust these companies to protect our private data and keep this information secure. Unfortunately, data breaches happen frequently.
Attorneys are investigating data events like this security breach to determine the legal rights of consumers who trusted corporations with their sensitive information. Often, hackers target companies that rely on outdated or otherwise inadequate data-security measures. If it is determined that McMenamins, Inc. did, in fact, fail to properly protect consumers’ data in some way, the individuals affected may be eligible to pursue compensation for their financial losses.
While consumers should be careful about providing data only to legitimate companies for legitimate purposes, even well-known legally established companies can become the target of a data breach cyberattack.
Consumers who receive a data breach notification letter should carefully read the letter in its entirety and retain it for future reference.
If the company affected by the breach is offering consumers any credit monitoring or identity theft protection services, the consumer should follow the directions outlined in the letter to promptly sign up for these services. Do not assume that you are automatically enrolled in these services.
To protect and preserve their legal rights, it is highly recommended that individuals who received notice that their data may have been compromised immediately reach out to an experienced data breach attorney.
Companies have an ethical and legal duty to protect consumers’ and former employees’ personal, identifying, financial, and health information. While developing and implementing a comprehensive and up-to-date data-security system is costly, this is a necessary cost of doing business in an environment where cyberattacks and data breaches are common.
Data breach laws are complex, and just because your information may have been accessed while in McMenamins, Inc.’s care doesn’t necessarily make this company legally responsible. However, if a company fails to take appropriate actions to protect consumers’ sensitive information, it may face liability through a data breach class action lawsuit.
At Console & Associates, P.C., our data breach lawyers are actively investigating the McMenamins, Inc. data breach to determine what legal remedies, if any, affected parties have. If evidence emerges that the company mishandled your data leading up to the data breach or chose not to maintain adequate security measures, you may be eligible for financial compensation through a data breach class action lawsuit.
If you received a data breach notification letter, it is important that you not only protect yourself from possible fraud but also preserve your legal rights by speaking to a data breach attorney. Consumer privacy lawyers are undertaking investigations in legal matters involving all types of data breaches, ransomware attacks, and cyberattacks on a no-win, no-fee basis.
See a copy of the letter below:
DATA BREACH NOTIFICATION
As you might have learned, McMenamins experienced a cyberattack in early December 2021. We have determined that this attack may have affected your personal information in company records relating to persons previously employed with McMenamins between July 1, 2010, and December 11, 2021. This letter explains the incident, your information potentially affected, and how you can protect yourself, including identity and credit protection services that we are providing to you.
WHAT HAPPENED. On December 12, 2021, McMenamins suffered a ransomware attack. As soon as we realized what was happening, we blocked access to our systems to contain the attack that day. Cybercriminals deployed malicious software on the company’s computer systems that prevented us from using these systems and the information they contain.
WHAT INFORMATION WAS INVOLVED. We have determined that the hackers stole certain business records, including human resources/payroll data files for previous employees. These files contain the following categories of employee information: name, address, telephone number, email address, date of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security number, health insurance plan election, income amount, and retirement contribution amounts. It is possible that the hackers accessed or took records with direct-deposit bank account information, but we do not have any indication that they did, in fact, do so.
WHAT WE ARE DOING. We are investigating this incident and working to get business back online. We notified the FBI and are cooperating with their efforts. We are working with an experienced cybersecurity investigation firm to understand the attack, restore our systems, and enhance our security. We have notified the Attorney Generals of Oregon and Washington, major credit reporting bureaus, and the news media. If we learn additional information affecting you, we will provide further notice.
WHAT YOU CAN DO TO PROTECT YOUR INFORMATION. You should be vigilant when responding to communications from unknown sources and regularly monitor your financial accounts and healthcare information for any unusual activity. If you notice any unusual activity, you should immediately notify your financial institutions (e.g., your bank) and your health insurer. A set of recommendations for identity theft protection and details on how to place a fraud alert or a security freeze on your credit file is enclosed. If you suspect that you are the victim of identity theft or fraud, you should notify your state Attorney General’s Office and the Federal Trade Commission. These agencies’ contact information is enclosed.