The audio equipment maker Bose has disclosed a data breach in which an unauthorized party accessed some of the sensitive data on its US systems. The breach resulted from a ransomware attack on Bose’s US systems, which reportedly happened in early March. While there is no evidence that any data was stolen, Bose has already notified the affected employees and is investigating the matter further.
Bose Disclosed a Data Breach
Bose, an audio equipment manufacturer for consumers and businesses, has recently reported a data breach incident to New Hampshire’s Office of the Attorney General. According to the report, the company fell victim to a ransomware/malware attack in early March this year, which subsequently led to access to the private information of some Bose employees.
In its filing, Bose said it had not paid any ransom to the threat actor and had instead hired external security experts to recover the files from the impacted systems. It also hired forensic experts to investigate which data was accessed and how much. While the investigation is in progress, Bose said that the unauthorized party managed to access part of its employees’ PII in late April.
This includes the employees’ names, social security numbers, compensation information, and other HR-related information, obtained through internal spreadsheets with administrative information maintained by the HR department. While the unauthorized access was confirmed, no evidence of data exfiltration has been found.
Bose has nevertheless informed the few employees affected by this incident and has been looking for possible leaks on the dark web sites of ransomware groups. The company also says it has tightened its security as follows:
- Changed passwords for all end-users and privileged users.
- Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Changed access keys for all service accounts.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Performed detailed forensics analysis on the impacted servers to analyze the impact of the malware/ransomware.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.