Cyber Incident Victim: McMenamins

Date: Dec 2021

Location: United States of America

Summary

McMenamins, a regional brewery and hospitality chain, experienced a Conti ransomware attack that encrypted servers, workstations, and point-of-sale systems, prompting immediate shutdowns of IT infrastructure and payment processing to contain the breach. While initial assessments indicated no compromise of customer payment data managed by third-party processors, employee information—including names, Social Security numbers, bank details, and benefits records—was potentially exposed, leading to offered identity protection services. The incident disrupted operations by forcing cash-only transactions and halting gift card sales, with corporate data theft suspected but unconfirmed. The company engaged the FBI and cybersecurity experts to investigate the attack's scope and origin.

Description

On December 12, 2021, McMenamins, a Pacific Northwest brewery, restaurant, and hotel chain operating across Oregon and Washington, suffered a ransomware attack attributed to the Conti cybercrime group. The attack encrypted servers, workstations, and point-of-sale (POS) systems, disrupting corporate IT infrastructure and payment processing. McMenamins detected and blocked the attack on the same day, initiating an immediate containment response that involved isolating critical systems—including corporate email and credit card scanners—to prevent further propagation. The company engaged the Federal Bureau of Investigation (FBI) and a third-party cybersecurity firm to investigate the incident’s origin and scope. While physical locations remained open, operational disruptions forced temporary shifts to alternative payment methods, suspending gift card sales and redemptions due to the POS shutdowns.

Initial forensic analysis indicated no compromise of customer payment data, which McMenamins stated was managed externally by a third-party processor. However, internal employee data—including names, addresses, Social Security numbers, dates of birth, direct deposit details, and benefits records—was potentially accessed or exfiltrated. The company proactively offered affected employees identity protection services and credit monitoring through Experian, alongside a dedicated support line. Conti’s involvement raised concerns about possible data theft, as the group historically exfiltrates data before deploying encryption, though McMenamins’ investigation did not initially confirm this. The possibility that the attackers had access to the network for an extended period before encryption also introduced the risk of secondary threats, such as undetected POS malware for card skimming, which required further analysis by the cybersecurity firm. Recovery efforts focused on restoring encrypted systems while maintaining operations through manual workarounds, with the full impact assessment pending completion of the external investigation.
