In March, Craft Beer Company GP, including its subsidiaries Duvel Moortgat USA, Boulevard Brewing Company, and Brewery Ommegang, experienced a cyberattack. The attack led to the release of personal information of up to 1,584 people, as announced by the Kansas City-based company on May 8. Upon discovering the unauthorized access on March 5, the company took immediate action to contain the incident by isolating sites, shutting down servers, and disconnecting from the internet.
The company launched an internal investigation, contacted law enforcement, and engaged external cybersecurity experts to conduct a thorough investigation. They implemented recommended actions to prevent further data disclosure and continued efforts to remediate the incident. While the network has been secured, investigations and remediation efforts are still ongoing.
During the investigation, it was found that personal information of current and former employees and their dependents was stolen. The compromised data includes names, home addresses, social security numbers, passport or other government IDs, bank account numbers, health insurance information, and details related to medical leave. The company has begun notifying the affected individuals and is offering 24 months of identity protection services and credit monitoring.
In response to the attack, the company is taking additional security measures, including re-training staff and updating its policies and procedures to enhance its cybersecurity program. Although there is no evidence that the stolen information has been misused, the company remains vigilant and committed to preventing future incidents. No further details were available on the nature of the cyberattack or the perpetrators behind it.
