Bose Victim of Ransomware and Data Breach

Posted on by Dawna M. Roberts in News June 11, 2021
https://content.infopay.net/storage/thumbnails/opAPmVfzq5EXwJKAJuFgWcJvcgUdlbMwt4Y28d41.jpg

 Yesterday (May 24), the BleepingComputer reported that audio equipment giant Bose recently disclosed a data breach following a ransomware attack that occurred in March.

What Happened?

Bose filed a breach notification letter with the New Hampshire’s Office of the Attorney General and discussed that they “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”

The company also mentioned in the notice that “Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021,”

How Did Bose Respond?

Immediately following the attack, Bose hired threat assessment and forensic experts to perform an audit and find out if any data had been accessed or exfiltrated.

According to the BleepingComputer “We did not make any ransom payment,” Bose Media Relations Director Joanne Berthiaume told BleepingComputer. “We recovered and secured our systems quickly with the support of third-party cybersecurity experts.”

Bose added, “There is no ongoing disruption to our business, and we are focused on providing our customers with the great products and experiences they have come to expect from Bose.”

What Data is at Risk?

During the forensic evaluation and investigation, the company discovered that current and historical employee data files were accessed and possibly copied.

In the breach notification letter, Bose disclosed that “Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department.”

They added that the files contained personal information like social security numbers, compensation information, and HR-related data of some employees.

However, during its investigation, Bose did not find any evidence that the bad actors actually exfiltrated that data out of its systems. They did comment that the attackers did access “a limited set of folders.”

What Now?

Bose is working closely with local and federal law enforcement to investigate the matter further. Their team is keeping a close eye on the dark web watching for any leaked data as a countermeasure. The breach notification assured that “Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed.”

Additionally, Bose has reassured the Attorney General that immediately following the attack, they have taken the following steps to mitigate the damage:

  • “Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on the impacted server to analyze the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • Changed access keys for all service accounts.”
The company also notified all affected individuals in writing.

According to BleepingComputer,

“Bose is a privately-held consumer electronics company that manufactures audio equipment for entertainment and the aviation and automotive industries.”

How Employees Can Protect Themselves

Regardless of whether or not the employees’ data shows up on the dark web, they should at least sign up for identity theft monitoring to protect themselves and keep an eye on their credit reports. Other things affected employees can do to protect themselves are:

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagram’s c... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “Alien” is ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the country, ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% of the... Read More

FREE IDENTITY THREAT SCAN
Scan Your Records for Breaches, Leaks & Exposures!