Heimdal Security Blog

Bose Disclosed Having a Data Breach

Bose Corporation filed a data breach notification letter with New Hampshire’s Office of the Attorney General, stating that the company “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”

Bose is a privately held consumer electronics company specializing in the manufacture of audio equipment for the entertainment, aviation, and automotive industries.

After the attack, Bose hired external security experts to restore the impacted systems, as well as forensic experts to determine whether any of its data was accessed or exfiltrated by the attackers.

Bose representatives said they will not make any kind of ransom payment, as they seemingly managed to recover and secure the systems quickly with the support of third-party cybersecurity experts.

It was discovered during the investigation that data belonging to a very small number of individuals were impacted.

There is no ongoing disruption to our business, and we are focused on providing our customers with the great products and experiences they have come to expect from Bose.

Source

It appears that while investigating the ransomware attack’s impact on its network, Bose discovered that the personal information of some of its employees had been accessed.

Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department.

These files contained certain information pertaining to employees and former employees of Bose.

Source

The exposed data in the ransomware attack included the names, SSNs, compensation information, and HR-related information belonging to a few employees.

According to Bose representatives, there is no evidence at this time that the data has been leaked on the darknet.

Bose has engaged experts to monitor the dark web for any indications of leaked data and has been working with the U.S. Federal Bureau of Investigation.

Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed.

Source

Bose announced that after becoming the victim of the ransomware attack, they took measures to defend against future attacks:

It remains unknown at this time who the actors behind this attack are, but the incident could lead to a data leak if the attackers managed to exfiltrate the employees’ information from Bose’s systems.