Audio maker Bose discloses ransomware attack that exposes former employee data

On the 7^th of March 2021, Bose Corporation detected the ransomware on their systems and immediately initiated their incident response protocols to activate its technical team with the goal of containing the incident.

After containing the incident, Bose started an investigation of the incident and worked with its forensics experts to determine the data that may have been accessed and/or exfiltrated. During the investigation, Bose determined that data from internal administrative human resources files relating to 6 former New Hampshire employees of Bose Corporation was accessed and could have potentially been exfiltrated on April 29, 2021. The accessed personal information contained in these files include name, Social Security Number, and compensation-related information.

Bose Corporation stated they had “no evidence that this information has been misused or disseminated by third parties.”

The company also said it boosted internal security procedures and taken the following actions:

• Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
• Performed detailed forensics analysis on impacted servers to analyze the impact of the malware/ransomware.
• Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
• Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
• Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
• Changed passwords for all end-users and privileged users.
• Changed access keys for all service accounts.

At the time of writing, no major ransomware gang has taken credit for the Bose ransomware attack.