threatpost | Becky Bracken | THREATPOST:AE9B4708A7A9B6F3A24C35E15C6150A4
Feb 22, 2022 - 8:41 p.m.

Cyberattackers Cook Up Employee Personal Data Heist for Meyer


CVSS3: 10 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2: 9.3 High
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Meyer Corp., maker of Farberware and the largest cookware and bakeware distributor in the U.S., has begun notifying 2,747 employees that a cyberattack that occurred on Oct. 25 compromised their personal data.

Meyer filed a notice with the state of Maine disclosing the breach, which it discovered on Dec. 1. And while the report given to the Maine Attorney General doesn’t specifically name the culprit behind the attack, the Conti ransomware group had already announced on its leak site on Nov. 7 it was in possession of the employee data files, according to a report this week on the cyberattack.

Meyer, based in Vallejo, Calif., was storing detailed information on its employees, including names, Social-Security numbers, driver’s-license numbers and more, along with their name or other personal identifier. Other information that could now potentially be in the hands of the Conti ransomware operators includes drug screening results, immigration information and health and medical information.

The company didn’t reveal many additional details of the strike, but it’s worth noting that Meyer is just one of many companies breached by Conti’s prolific ransomware operations.

Conti’s Prolific Ransomware Operations

“Ransomware groups such as Conti have been a thorn in the side of organizations from almost all industries and around the world,” Erich Kron, security awareness advocate for KnowBe4, told Threatpost. “Attacks such as this one by the Conti group are typically a ransomware type of attack that first steals the data, then encrypts it and holds the decryption key ransom.”

But even if the company pays the demanded ransom, its employees, partners and customers remain vulnerable to subsequent shakedowns.

“In addition, the groups generally threaten the victim organization with exposure of the stolen data, which can include customers, employees, financial information or intellectual property, among other things, if they do not pay,” Kron said.

Just this month, KP Snacks, a U.K.-based food giant, was hit by Conti ransomware, causing delays in deliveries across the country.

Keeping Conti Out of Your Cloud

Keeping such sensitive data stored in the cloud is a common practice, but leaves companies vulnerable to attack if not properly secured, Amit Shaked, CEO of Laminar, explained in response to the Meyer breach.

“Data is no longer a commodity, it’s a currency — as this incident represents. Information within an organization’s network is valuable to both businesses and attackers,” Shaked said via email. “This incident also reminds us that with a majority of the world’s data residing in the cloud, it is imperative that security becomes data-centric and solutions become cloud-native.”

Full integration with the cloud is also critical, Shaked added.

“Solutions need to be completely integrated with the cloud in order to identify potential risks and have a deeper understanding of where the data reside,” he said. “Using the dual approach of visibility and protection, data protection teams can know for certain which data stores are valuable targets and ensure proper controls, which allows for quicker discovery of any data leakage.”

Keeping ahead of sophisticated groups like Conti ransomware operators requires a clear, risk-based approach, Aaron Sandeen, CEO and co-founder of Cyber Security Works, added.

“Ideally, organizations should seek out near real-time vulnerability platforms that can centralize threat data and identify, investigate and rank vulnerabilities based on weaponization – a more effective approach than waiting for reports to be formalized, interpreted and delegated,” advised Sandeen.

But beyond technical solutions, Kron added that strong security training for employees will also help keep cyberattackers, like Conti, at bay.

“Because groups such as Conti and other bad actors use email phishing as a top method of gaining initial network access, it has never been more critical to foster a strong, good, security culture through security awareness training and regular simulated attacks.”
