Bose Ransomware Attack Exposed Employees’ Data, Company Confirms

Bose disclosed that the US-based company has been subject to a data breach following a ransomware attack in early March. Some of the employees’ information was accessed by the attackers. The premium audio equipment maker filed a breach notification letter with New Hampshire’s Office of the Attorney General around mid-May. Upon discovering the breach, the company initiated incident response protocols to restore the impacted systems. Bose also took a series of measures to protect itself from future attacks. Another ransomware attack on Colonial Pipeline had recently forced the shutdown of the largest oil pipeline in the eastern US earlier this month.

According to a breach notification letter from the company, Bose first discovered the attack on March 7. The company’s data from internal administrative human resources files relating to six former New Hampshire employees were accessed and potentially exfiltrated. The accessed information included the employees’ name, Social Security Number, and compensation-related information.

Upon detecting the breach, Bose employed its technical team to contain the incident. The company also worked with external forensics providers to investigate the attack. Bose said in the letter that the threat actors interacted with a limited set of folders and the systems have been restored.

Bose offered 12 months of identity protection services to the affected employees.

To defend itself from future cyberattacks, Bose detailed the following measures in its letter:

• Enhanced malware/ ransomware protection on endpoints and servers to further enhance our protection against future malware/ ransomware attacks.
• Performed detailed forensics analysis on impacted server to analyse the impact of the malware/ ransomware.
• Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
• Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
• Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
• Changed passwords for all end-users and privileged users.
• Changed access keys for all service accounts.

The largest fuel network in the eastern US, Colonial Pipeline, was also forced to halt its operation earlier this month following a ransomware attack. The company paid $4.4 million (roughly Rs. 32.19 crores) in ransom to hackers following the attack.