Bose Victim of Ransomware and Data Breach
Table of Contents
- By Dawna M. Roberts
- Published: Jun 11, 2021
- Last Updated: Mar 18, 2022
Yesterday (May 24), the BleepingComputer reported that audio equipment giant Bose recently disclosed a data breach following a ransomware attack that occurred in March.
What Happened?
Bose filed a breach notification letter with the New Hampshire’s Office of the Attorney General and discussed that they “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”
The company also mentioned in the notice that “Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021,”
How Did Bose Respond?
Immediately following the attack, Bose hired threat assessment and forensic experts to perform an audit and find out if any data had been accessed or exfiltrated.
According to the BleepingComputer “We did not make any ransom payment,” Bose Media Relations Director Joanne Berthiaume told BleepingComputer. “We recovered and secured our systems quickly with the support of third-party cybersecurity experts.”
Bose added, “There is no ongoing disruption to our business, and we are focused on providing our customers with the great products and experiences they have come to expect from Bose.”
What Data is at Risk?
During the forensic evaluation and investigation, the company discovered that current and historical employee data files were accessed and possibly copied.
In the breach notification letter, Bose disclosed that “Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department.”
They added that the files contained personal information like social security numbers, compensation information, and HR-related data of some employees.
However, during its investigation, Bose did not find any evidence that the bad actors actually exfiltrated that data out of its systems. They did comment that the attackers did access “a limited set of folders.”
What Now?
Bose is working closely with local and federal law enforcement to investigate the matter further. Their team is keeping a close eye on the dark web watching for any leaked data as a countermeasure. The breach notification assured that “Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed.”
Additionally, Bose has reassured the Attorney General that immediately following the attack, they have taken the following steps to mitigate the damage:
- “Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Performed detailed forensics analysis on the impacted server to analyze the impact of the malware/ransomware.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Changed passwords for all end-users and privileged users.
- Changed access keys for all service accounts.”
“Bose is a privately-held consumer electronics company that manufactures audio equipment for entertainment and the aviation and automotive industries.”
How Employees Can Protect Themselves
Regardless of whether or not the employees’ data shows up on the dark web, they should at least sign up for identity theft monitoring to protect themselves and keep an eye on their credit reports. Other things affected employees can do to protect themselves are:
- Change any passwords that may have been stored on Bose servers.
- Regularly monitor all checking accounts and credit card activity.
- Get a copy of your credit report.
- Consider a credit freeze.
- Watch for phishing emails and fraud calls.