Bose Corporation (Bose) has disclosed a data breach from a ransomware attack. The attack hit its systems in early March, and the company has just finished an initial investigation.
In a breach notification letter filed with New Hampshire’s Office of the Attorney General, the company reported “a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its network. “Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021.”
The audio maker immediately launched an investigation with the help of external security experts to restore impacted systems and determine whether any of its data was accessed or exfiltrated by the threat actors. The investigation eventually showed that some of its current and former employees’ personal information and administrative data was compromised:
“Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department. These files contained certain information pertaining to employees and former employees of Bose,” Bose said.
Exposed employee records included names, Social Security Numbers, compensation information, and other HR information.
The investigators did not find evidence that the threat actors managed to exfiltrate data. However, the attackers did interact with certain folders. Bose has not determined whether the compromised data have been unlawfully disclosed or sold.
The audio maker has shared the incident details with the FBI:
“Bose has engaged experts to monitor the dark web for any indications of leaked data, and has been working with the U.S. Federal Bureau of Investigation,” the company said.
Bose reportedly took the following measures to defend against future attacks:
- Enhanced malware/ransomware protection on endpoints and servers
- Performed detailed forensics analysis
- Blocked newly identified malicious sites and IPs linked to this threat actor
- Changed passwords for all users
- Blocked the malicious attackers’ files on endpoints
- Enhanced monitoring and logging
- Changed access keys for all service accounts.
The company notified impacted individuals on May 19.
If employees’ info had been exfiltrated from Bose’s systems, the stolen data could be used by the ransomware gang for further leaks or ransom demands.