Meyer Corporation is a California-based company and a giant in the cookware industry. Meyer is the latest victim in a seemingly never-ending parade of hacking attacks. The full extent of the attack has not yet been disclosed because an investigation into the matter is ongoing. However, we do know at this point that the attackers made off with at least one database containing the personal information of thousands of Meyer employees.
The company issued a breach notification and has filed papers with the Attorney General office in both Maine and California. Notification letters have already been sent to individuals impacted by the breach.
The notification reads in part, as follows:
“Meyer was the victim of a cybersecurity attack by an unauthorized third party that impacted our systems and operations. Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals. On or around December 1, 2021, our investigation identified potential unauthorized access to employee information.
The types of personal information that may have been accessed during this incident will depend on the types of information you have provided to your employer, but may include: first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical condition(s) and diagnoses; random drug screening results; COVID vaccination cards and status; driver’s license, passport, or government-issued identification number; Permanent Resident Card and information regarding immigration status; and information regarding your dependents (including Social Security numbers), if applicable that you may have provided to the company in the course of your employment.”
The company has not confirmed that the attack was a ransomware attack. However, the Conti gang who makes heavy use of ransomware successfully breached the company’s defenses last November (in 2021). Their leak site contained nearly 250 MB of data which represented about 2 percent of the total data stolen from the company during that attack.
It’s not much of a silver lining. At least in this case, unless you work for the company, your personal information does not appear to be at risk. Even if you are one of the unfortunate people who received a notification letter from Meyer you will be offered two years’ worth of free identity protection. That’s small consolation but it’s something.