Kitchenware maker Meyer hacked by Conti ransomware gang

Kitchenware maker Meyer Corp. U.S. has disclosed that employee data was stolen in a ransomware attack that targeted the company in October.

In a data breach notification filed with the Office of the Maine Attorney General, Meyer said that the breach occurred on Oct. 25 but was not discovered until Dec. 1. The attack affected Meyer and its subsidiaries, including Hestan Commercial Corp., Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises LLC.

According to a letter sent to those affected, the attack saw a range of data stolen. The stolen data includes first and last name; address; date of birth; gender; race/ethnicity; Social Security number; health insurance information; medical information; driver’s license, passport or government-issued identification number; and Permanent Resident Card and information regarding immigration status.

While Meyer did not report the form of ransomware used in the attack, Bleeping Computer reports that the infamous Conti ransomware gang has claimed responsibility. The gang posted on their dark web page on Nov. 7 that it hacked the company and offered a 246 MB file that is claimed to include 2% of the data stolen as proof of the attack. No further data has been published by the gang since.

The Conti ransomware gang first emerged in 2020 and has been linked to a range of attacks. Previous victims include Ireland’s health service, Advantech Co. Ltd, voice-over-internet-protocol hardware and software maker Sangoma Technologies Corp. and hospitals in Florida and Texas. Their most recent attack targeted Tesla Inc. and Apple Inc. supplier Delta Electronics Inc. in January.

The U.S. Federal Bureau of Investigation issued a warning about the Conti ransomware gang in May, followed by a warning from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in September.

“Ransomware groups such as Conti have been a thorn in the side of organizations from almost all industries and around the world,” Erich Kron, security awareness advocate at security awareness training company KnowBe4 Inc., told SiliconANGLE. ”

Kron said that the impact of the ransomware attack goes beyond the theft of data alone, explaining that an affected company must deal with the fact that the data was stolen in the first place. “In heavily regulated industries or localities with strong privacy laws, this can result in significant fines and other financial impacts,” Kron added.

Image: Meyer