Headphone and speaker maker company Bose Corporation has disclosed a data breach after a ransomware attack that exploited the company’s systems in early March.
In a data breach notification letter filed with New Hampshire’s Office of the Attorney General, Bose said that it “encountered a complex cyber-incident that ended in the deployment of malware/ransomware across” its “environment.”
Additionally, audio equipment manufacturer company Bose said that they first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021.
The audio maker hired external security experts to recover the affected systems following the attack and forensic experts to conclude whether any of the data was accessed or exfiltrated by the attackers.
Table of Contents
Employees’ data accessed during the attack
During the investigation of the ransomware attack’s impact on the network, the audio maker found that personal details of the existing and former employees’ were accessed by the bad actors.
Bose stated that, on the basis of their investigation and forensic analysis carried out, Bose had identified, on April 29, 2021, that the bad actor who performed the cyber-attack likely accessed a small number of internal spreadsheets with administrative information maintained by their Human Resources department (HRD).
The spreadsheets included some specific information about the current employees and former employees of Bose.
The audio equipment manufacturer said that personal information like the names, Social Security Numbers, compensation information, and other HR-related information were exposed in the ransomware attack.
Meanwhile, Bose didn’t find that the threat actors exfiltrated the data out of its network, the company states that attackers were just able to access a limited set of folders.
No proof of leaked stolen data available on the dark web
The audio maker stated, Bose has hired experts to have a watch over the dark web for any indications of leaked data and simultaneously, working with the U.S. Federal Bureau of Investigation (FBI).
Bose hasn’t received any indication via its monitoring activities that the data have been illegally sold or disclosed.
Following the ransomware attack, Bose took the following steps to defend against future attacks:
- Improved malware/ransomware protection on the endpoints and servers will additionally boost our protection against future malware/ransomware attacks.
- Executed detailed forensics analysis on the affected servers to examine how impactful the malware/ransomware can be.
- Blocked the malicious files utilized during the attack on endpoints so as to avoid the additional spread of the malware or data exfiltration trials.
- Improved monitoring and logging process for early detection of any malicious activities performed by the threat actor or similar types of attacks in the future.
- Blocked lately discovered malicious websites and IPs associated with this threat actor on external firewalls to avoid potential exfiltration.
- Changed the passwords for all end-users and privileged users.
- Changed the access keys for all service accounts.
On May 19, the company sent notification letters about the breach to the individuals who were affected by the ransomware attack.
Looking for more Security News, subscribe to our newsletter and get regular updates on cybersecurity.
