Updated: December 30, 2021
In early December 2021, McMenamins suffered a data breach that may have affected the personal information of certain current and previous employees. We regret this incident and want to make sure that potentially affected individuals have information and our support to protect their information.
This notice provides information specifically for individuals employed by McMenamins within the January 1, 1998 – June 30, 2010 time period for whom the company does not have contact information, along with general information about the incident. To help protect current and past employees’ identity, we are providing a 12-month membership of Experian’s® IdentityWorksSM. See details below.
For individuals employed July 30, 2010 – December 12, 2021, McMenamins mailed  individual notices with the same general information and individual codes so you can enroll in identity and credit monitoring and protection services. These notices were sent between December 21 and December 30 of 2021.
We also established a call center to answer questions about this incident: (888) 401-0552.  

For customer and other related FAQ's, please click here.

What Happened

On December 12, 2021, McMenamins suffered a ransomware attack. As soon as we realized what was happening, we blocked access to our systems to contain the attack that day. It appears that cybercriminals gained access to company systems beginning on December 7 and through the launch of the ransomware attack on December 12. During this time, they installed malicious software on the company’s computer systems that prevented us from using or accessing the information they contain.

Which Employees Were Affected and What Information Was Involved

We have determined that the hackers stole certain business records, including human resources/payroll data files for at least some individuals who were previously employed by McMenamins between January 1, 1998 and June 30, 2010. We have not been able to recover these files or contact information for these previous employees. Out of abundance of caution and for the purposes of providing this notice and credit monitoring support, we are assuming that all previous employees during this time period were potentially affected.
In addition, the hackers stole the same type of human resources files for persons employed by McMenamins between July 1, 2010 and December 12, 2021. Because we were able to recover the contact information for these individuals, McMenamins mailed to them individual notices containing the same general information about the incident and individual information for enrolling in identity and credit monitoring and protection services.
The affected files potentially contained the following categories of personal information for all potentially affected current and past employees: name, address, telephone number, email address, date of birth, race, ethnicity, gender, disability status, medical notes, performance and disciplinary notes, Social Security number, health insurance plan election, income amount, and retirement contribution amounts. Although it is possible that the hackers accessed or took records with direct-deposit bank account information, we do not have any indication that they did, in fact, do so.

What McMenamins Is Doing

McMenamins is investigating the attack and working to get business back online. We notified the FBI and are cooperating with their efforts. We are working with an experienced cybersecurity investigation firm to understand the attack, restore our systems, and enhance our security. We have notified the Attorney Generals of Oregon and Washington, major credit reporting bureaus, and the news media.
As noted above, we have sent individual notice letters to the first two categories of employees listed above – employees as of December 12, 2021, and individuals employed at some point between July 1, 2010 and December 11, 2021. We are providing identity theft and credit monitoring and protection services to all current and previous employees between January 1, 1998 and December 12, 2021, as explained below and strongly encourage all persons employed during this time range to enroll in these services. If we learn additional information affecting current or past employees, we will provide updated notice.

What You Can Do to Protect Your Information

You should be vigilant when responding to communications from unknown sources and regularly monitor your financial accounts and healthcare information for any unusual activity. If you notice any unusual activity, you should immediately notify your financial institutions (e.g., your bank) and your health insurer. A set of recommendations for identity theft protection and details on how to place a fraud alert or a security freeze on your credit file is posted here. If you suspect that you are the victim of identity theft or fraud, you should notify your state Attorney General’s Office and the Federal Trade Commission. These agencies’ contact information is available here.
To help protect current and past employees’ identity, we are providing a 12-month membership of Experian’s® IdentityWorksSM. This product provides you with identity detection and resolution of identity theft. To activate your membership and start monitoring your personal information please follow these steps:
  • Ensure that you enroll by: March 31, 2022. (Your code will not work after this date.)
  • Visit the Experian IdentityWorks website to enroll:
  • Individuals employed January 1, 1998 – June 30, 2010 should provide activation code VST426G5 and engagement number B022939 if enrollment support is needed.
  • Individuals employed July 1, 2010 – December 12, 2021 should use the activation code and engagement number in your individual letter. If you do not have your letter or code, please call (888) 401-0552 to initiate retrieval of your code.
If you have questions, need assistance with identity restoration, or would like an alternative to enrolling in Experian IdentityWorks online, please contact Experian’s customer care team at (888) 401-0552 by March 31, 2022. This call center can also answer questions you might have about the incident.
Additional details regarding your 12-month Experian IdentityWorks Membership
A credit card is not required for enrollment in Experian IdentityWorks.
Contact Experian immediately regarding any fraud issues, and have access to the following features once you enroll in Experian IdentityWorks: 
  • Experian Credit Report at Signup: See what information is associated with your credit file. Daily credit reports are available for online members only.*
  • Credit Monitoring: Actively monitors Experian file for indicators of fraud.
  • Identity Restoration: Identity Restoration agents are immediately available to help you address credit and non-credit related fraud.
  • Experian IdentityWorks ExtendCARETM: You will receive the same high level of Identity Restoration support even after your Experian IdentityWorks membership has expired.
  • Up to $1 Million Identity Theft Insurance:** Provides coverage for certain costs and unauthorized electronic fund transfers.
If you believe there was fraudulent use of your information and would like to discuss how you may be able to resolve those issues, please reach out to an Experian agent at (888) 401-0552. If, after discussing your situation with an agent, it is determined that Identity Restoration support is needed, then an Experian Identity Restoration  agent is available to work with you to investigate and resolve each incident of fraud that occurred (including, as appropriate, helping you with contacting credit grantors to dispute charges and close accounts; assisting you in placing a freeze on your credit file with the three major credit bureaus; and assisting you with contacting government agencies to help restore your identity to its proper condition).
Please note that this Identity Restoration support is available to you through December 31, 2022, and does not require any action on your part at this time. The Terms and Conditions for this offer are located at  This site also has self-help tips and information about identity protection.
We sincerely apologize again for this incident. We know that the past two years have been very hard on all of our employees, and we are committed to providing you with assistance and support. If you have questions regarding this matter, please contact the call center at (888) 401-0552.
General Tips – Identity Theft Prevention and Protection