US-based kitchenware giant Meyer Corp has disclosed a cyberattack that may have led to the exposure of employee data.
According to a notice filed with the Office of the Maine Attorney General, the company suffered a ransomware attack on Oct. 25, 2021 that also affected four subsidiaries, including Hestan Commercial Corp., Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises LLC.
During the investigation, Meyer found that the attackers gained unauthorized access to its employee database. However, the company has yet to confirm the extent of the data breach and the number of employees impacted.
“Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals,” the data breach notice reads. “On or around December 1, 2021, our investigation identified potential unauthorized access to employee information. While we do not currently have evidence that your specific information has been actually accessed or impacted, we want to inform you of this incident so that you may consider taking additional steps to help protect your information.”
Potentially exposed information
In a data breach notice sent to Meyer employees, the company said the cybercriminals may have accessed and exfiltrated sensitive personally identifiable information. This includes full names, physical address, date of birth, gender, race or ethnicity, Social Security numbers, health insurance information, medical information including COVID vaccination cards, driver’s licenses, passport or government-issued identification numbers, Permanent Resident Card and information regarding immigration status.
In response to the breach, Meyer is offering a two-year subscription to identity theft protection services to impacted individuals.
Conti Ransomware Gang Claims Responsibility
Although Meyer offered no additional information on the cyberattack, BleepingComputer investigators found a data leak file on the Conti ransomware gang’s website dated Nov. 7, 2021.
In their post, the gang offers a ZIP file (246 MB) that allegedly contains 2% of the data stolen during the Meyer attack. No attempts to publish additional information have been found so far.
Are you a data breach victim? Find out now if your personal info has been stolen or made public on the internet, with Bitdefender’s Digital Identity Protection tool.
Our privacy-focused service scours the web for exposure of your email addresses, breached passwords and other personal data so you can stay on top of privacy threats with real-time data breach alerts and one-click action items to help you prevent potential financial damages.