PORTLAND, Ore. (KOIN) – KOIN 6 is learning more about the ransomware attack on McMenamins that happened in December, as the company says hackers retrieved private employee information dating back decades.

McMenamins is still saying no customer data was impacted. However, McMenamins says the records affected include human resource and payroll files that have employees’ and investors’ personal information like their names, social security numbers, addresses and health insurance information.

The company hired a cyber security forensics firm to investigate after they discovered the attack on December 12th. They’re also providing identity and credit protection and monitoring to those impacted. 

If this happens to you, experts say step one is contacting your financial institution. 

Portland State University professor of engineering and technology management Dr. Tugrul Daim explained “for example, in my case, somebody again hacked some other corporation got our information, then using that information hacked into our checking account and bought some cryptocurrency or tried to buy that.”  

Dr. Daim says both individuals and companies need to be proactive against cyber-attacks like this. 

“The most important thing, is to develop a comprehensive assessment, not just looking at technical, but personal and organizational elements,” Daim said.

He says to change your passwords, make sure your data is backed up, monitor your credit and be smart about what you share online. 

Dr. Daim said PSU has a program to help companies identify their weaknesses, but he says training employees is just as important. He noted that hackers often gain access through users who open or click on something they shouldn’t.

“The problem is not just technical, there is personal and organizational issues, so many times we approach technologies as if it’s only a technical matter…but it’s the users, us who actually are causing many of the problems,” Daim said.

Everyone who worked for McMenamins between July 1, 2010 and December 12, 2021 was sent a letter outlining the personal information that was stolen. People who worked between January 1, 1998 and June 30, 2010 should visit the McMenamins website for help and instructions.

“We’re devastated our people need to do so, but we’re urging them to vigilantly monitor their accounts and healthcare information for anything unusual. They should immediately notify their financial institutions or health providers if they see anything out of sort,” said Brian McMenamin. “They should sign up immediately for free monitoring and identity theft protection. All the information is on our website, and we encourage them to call with any questions.”

McMenamins also set up a hotline for questions: 888.401.0552.