Wed | May 26, 2021 | 9:27 AM PDT

Bose is known for crystal clear and extremely rich sound from its speakers and headphones.

But Bose employees are hearing something less enjoyable right now.

The company announced it is dealing with a ransomware attack that has possibly compromised the personal information of some current or former employees.

In a breach notification letter, Bose is detailing the incident and how the company has responded.

Bose employees compromised in ransomware attack

In its letter, Bose says it first detected the ransomware attack months ago:

"Immediately upon discovering the attack on March 7, Bose initiated incident response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized
activity. In conjunction with expert third-party forensics providers, Bose further initiated a comprehensive process to investigate the incident.

Given the sophistication of the attack, Bose carefully, and methodically, worked with its cyber experts to bring its systems back online in a safe manner. As the systems have been restored, Bose has worked with its forensics experts to determine the data that may have been accessed and/or exfiltrated."

And the letter continues to share unsettling details for company employees:

"During this investigation, on April 29, 2021, Bose discovered that data from internal administrative human resources files relating to... former New Hampshire employees of Bose Corporation was accessed and potentially exfiltrated.

The personal information contained in these files include name, Social Security Number, and compensation-related information. The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files. However, we do not have evidence to confirm that the data contained in these files was successfully exfiltrated, but we are also unable to confirm that it was not."

Bose says that it has engaged with industry experts and the FBI to monitor the Dark Web for any indication of leaked data from this incident.

Bose adds cybersecurity protocols following ransomware

Bose is also sharing how it has decided to bolster its cybersecurity protocols:

  • "Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyse the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • Changed access keys for all service accounts."

There is no indication that the attack disrupted the production of Bose speakers or headphones.

And that sounds good to us. 

Comments