It is currently unknown if the stolen data is on the dark web

May 27, 2021 09:02 GMT

Bose was hit by a sophisticated ransomware attack in March that led to unlawful access to the personal data of current and former employees.  

The US audio technology giant informed the New Hampshire Attorney General's office that it first discovered the malware on March 7, 2021. However, on April 29, more than two months later, it found out that personnel files had been accessed.

The company said that “The personal information contained in these files include name, Social Security Number, and compensation-related information”.

“The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files. However, we do not have evidence to confirm that the data contained in these files were successfully exfiltrated, but we are also unable to confirm that it was not”.

The company said it has hired third-party experts to search the dark web for this data and determine whether it is being actively exploited by cybercriminals. The FBI is also involved in the matter.

According to the company, through May 19, 2021, it has received no indication from either its monitoring activities or impacted employees that the data in question has been unlawfully shared, sold, or otherwise disclosed.

It is unclear whether Bose paid the ransom 

Only a few employees were affected, and the company is not believed to have paid the ransom.

However, it provided the regulator with a comprehensive list of corrective actions taken by its security staff to reduce the likelihood of a worse attack in the future. These include improved anti-malware, logging, and monitoring measures, blocking malicious IPs associated with the threat actor, resetting passwords for all end-users, and changing access keys for all service accounts.

Robert Golloday, EMEA and APAC director at Illusive, praised Bose for its transparency.

He added, "Kudos for not paying a ransom and for having the appropriate backups in place. With that said, the time to put in controls for early detection and prevention of lateral movement is before these attacks occur, not after."