Pierluigi Paganini May 25, 2021

The audio equipment manufacturer Bose Corporation said it was the victim of a ransomware attack that took place earlier this year, on March 7.

Bose Corporation has announced it was the victim of a ransomware attack that took place earlier this year, on March 7.

According to the breach notification letter filed by Bose, the company was hit by a sophisticated cyber attack, threat actors deployed ransomware within its infreastructure.

“I am writing to inform you that Bose Corporation, located at The Mountain Road, Framingham, MA 01701, experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across Bose’s environment. Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021.” reads the letter.

Shortly after the discovery f the security breach the company initiated an incident response procedure and launched an investigation into the incident. At the time of this writing, the company did not provide details about the attack such as the family of ransomware that infected its systems.

The company discovered that data from internal administrative human resources files relating to 6 former New Hampshire employees of Bose Corporation was accessed and potentially exfiltrated by the ransomware operators.

“Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department. These files contained certain information pertaining to employees and former employees of Bose.” continues the letter.

Exposed data include the employees’ names, Social Security Numbers, compensation information, and comparable HR-related information

Bose also hired external security experts and forensic experts to determine the extent of the attack and restore the impacted systems. The audio maker confirmed that it did not pay any ransom and recovered the encrypted files from its backups with the support of third-party cybersecurity experts.

Employe personal information exposed in the ransomware attack includes names, Social Security Numbers, compensation information, and other HR-related information.

Bose has also hired security experts to monitor the dark web for any data leaks..

The company announced to have put in place additional measures to increase the cyber security and prevent future attacks:

• Enhanced malware/ransomware protection on endpoints and servers to further enhance our
• protection against future malware/ransomware attacks.
• Performed detailed forensics analysis on impacted server to analyse the impact of the
• malware/ransomware.
• Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
• Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
• Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
• Changed passwords for all end users and privileged users.
• Changed access keys for all service accounts.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Bose Corporation)

[adrotate banner=”5″]

[adrotate banner=”13″]