Cookware Company Meyer Leaked Employee Information

employee securityMeyer Corporation, a California-based corporation and a major player in the cookware market, is the latest victim of a seemingly endless stream of hacking attacks. Because an investigation is ongoing into the matter, the full extent of the attack cannot be disclosed. We do know that at least one database was stolen by the attackers, containing personal information for thousands Meyer employees.

The company has sent a breach notice and filed papers with both the California and Maine Attorney General offices. Individuals affected by the breach have received notification letters.

The notification begins with the following:

"Meyer Corporation was the victim in a cyberattack by an unidentified third party, which impacted our systems as well as our operations. Meyer began an investigation after noticing the attack. Meyer enlisted the help of third-party forensic experts and cybersecurity experts. Our investigation revealed potential unauthorized access of employee information on or about December 1, 2021."

"The type of employee information that was accessed in this incident depends on what information you presented to your employer. This information could include your full name, address, date of birth, gender, Social Security number, race/ethnicity, health insurance and medical information with diagnoses, drug screening results, COVID vaccination information, status, driver's license or passport; information about immigration status, and information about your dependents (including Social Security Numbers), that you provided to the company."

The company hasn't confirmed that the ransomware attack was carried out. The Conti gang, which makes heavy use ransomware, managed to breach the company's defenses in November 2002. Nearly 250 MB of data was leaked from their leak site, which was approximately 2 percent of all data taken during the attack.

There is not much to be thankful for. Your personal information is not at risk unless you are employed by the company. Meyer will offer two years of identity protection for free, even if you were one of the many people who received a notice letter. It's a small comfort, but it's still something.

Ways Your Employees Can Help Prevent Cyberattacks

email securityCriminals see humans as the weakest link, as technology tools to block cyberthieves are becoming more sophisticated and widespread. This means that business cybersecurity is more dependent on well-trained and alert employees.

Integrated Technology Systems reminds us that "the human factor is extremely important." It's important to realize that hackers can no longer be stopped from entering your network by relying only on antivirus software and firewalls. These devices would not be able to protect your data if they were as effective as they are.

Security analysts have noticed a strong increase in email-based attacks like phishing. This is when criminals send fake emails to businesspeople to trick them into downloading malware.  The Federal Bureau of Investigation, which monitors cybercrime against companies, found that email attacks on businesses rose 46% in the first half of 2021 compared to 2020.

However, employees can be made stronger by turning security weaknesses into strengths. Here are five methods to do that:

1. Teach them how to spot suspicious email addresses

Teach employees how to spot phishing scams. Employees should be taught to not open emails, even if they appear to be from reputable sources, if the sender has an unknown email address. They should be wary of emails that have spelling or grammar errors, ask them to click on a link, or make any other unusual requests.

Ask your IT staff to examine any suspicious emails to verify its authenticity.

We provide training for your staff and show them examples of suspicious messages. Using real-world threats is the best way to communicate a cybersecurity program.

2. Communicate best practices for selecting passwords

Many cybercrimes can be prevented by simply having employees choose better passwords. Remind employees that a six-letter passcode is more secure than a four letter password. A 10-letter password is also stronger than a six or six-letter one. It can be helpful to make passwords more complicated.

3. Establish policies to protect sensitive business information

Create and communicate protocols to protect passwords and user names. We suggest that employees are required to complete security training before they can use company computers. Companies need to prohibit employees from sharing logins to networks or software.  Small businesses should stop using the same username and password to access multiple employees.

4. Protect company and personal property from unauthorized access

Encourage employees to lock all doors and file servers rooms and refuse to allow strangers in. Hackers can easily gain access to a business' terminals and hack into its network.  It is crucial to ensure no one breaches your physical security.

5. Remind them to be secure

Employees should be reminded to check their email regularly. We suggest sending employees suspicious-looking emails from time to time as a way of following up on their training. Employees tend to pay more attention when they know they will be tested.

Still, firewalls, disk encryption and antivirus software play a critical role in cybersecurity. But so do people. Integrated Technology Systems recommends training your employees to be "human firewalls."

Integrated Technology Systems
6 East 45th Street, Suite 400
New York, NY 10017