Kitchenware company Meyer Corp. revealed it suffered a data breach. The ransomware attack targeted company data, including names, addresses, ethnicity, date of birth, gender, immigration status and more. 

“Upon detecting the attack, Meyer initiated an investigation with the assistance of our cybersecurity experts, including third-party forensic professionals,” a data breach notice reads. The attack affected four Meyer subsidiaries, including Hestan Commercial Corporation, Hestan Smart Cooking, Hestan Vineyards and Blue Mountain Enterprises, LLC. 

In a notice sent to Meyer employees, the company noted that threat actors may have exfiltrated sensitive personally identifiable information, such as health insurance information and medical information, including COVID vaccination cards, driver’s licenses, and passport government-issued identification numbers, Permanent Resident Card and information regarding immigration status.

Though Meyer did not disclose what form of ransomware was used, the Conti ransomware gang has taken credit for the attack. In the past year, the ransomware as a service (RaaS) operation has been the culprit behind several attacks on organizations such as Ireland’s health service, Tesla, Apple and hospitals in Texas and Florida. 

To get ahead of RaaS operations like Conti, Aaron Sandeen, CEO and co-founder of Cyber Security Works, recommends adopting a risk-based approach. Sandeen says, “Ideally, organizations should seek out near real-time vulnerability platforms that can centralize threat data and identify, investigate and rank vulnerabilities based on weaponization — a more effective approach than waiting for reports to be formalized, interpreted and delegated.”