Cyber Incident Victim: Meyer Corporation
Date:
Oct 2021
Location:
United States of America
Summary
Meyer Corporation, a major cookware and bakeware distributor, experienced a cyberattack compromising employee data, with the Conti ransomware group claiming responsibility and leaking a sample of stolen files. The breach exposed sensitive personal information including names, Social Security numbers, health insurance details, medical records, drug test results, immigration documents, and government identification numbers for 2,747 individuals. The attackers asserted possession of additional stolen data beyond the initially published archive but did not release further materials following their initial disclosure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Meyer Corporation, a California-based subsidiary of Meyer Manufacturing Co. Ltd and the largest cookware distributor in the United States, discovered a cyberattack on October 25, 2021. The company began notifying employees the following week that their personal data had been compromised in the incident. Stolen information included highly sensitive employee details such as names, addresses, birth dates, ethnicity, gender, driver’s license and passport numbers, health insurance policy details, medical information, random drug screening results, Social Security numbers, and immigration documentation. The breach notification submitted to the Maine Attorney General’s office confirmed that data belonging to 2,747 individuals was exfiltrated during the attack. Meyer did not disclose technical details about the intrusion method, compromised systems, or containment measures implemented following discovery.
The Conti ransomware operation claimed responsibility for the attack on November 7, 2021, through its dedicated leaks website. As proof of the compromise, the cybercrime group published a 245MB RAR archive containing stolen Meyer data. Conti further asserted it possessed several gigabytes of additional company files not released publicly at the time. No subsequent data disclosures related to the incident appeared on Conti’s platforms following this initial publication. The breach exposed employees to potential identity theft and fraud due to the comprehensive nature of the stolen personally identifiable information and protected health data. Meyer’s notification to affected personnel constituted the only publicly documented response action by the company regarding incident remediation or victim support.