Bose Admits Ransomware Hit: Employee Data Accessed - silversurfer - 26 May 21
Quote:High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled “across Bose’s environment” and resulted in the possible exfiltration of employee data.
The incident began on March 7, according to a disclosure letter sent to the Attorney General’s Office in New Hampshire, which kicked off a successful incident-response process, the company said. While the letter didn’t mention how much the ransom was, a company spokeswoman confirmed to media that Bose declined to pay up and instead was able to rely on its own resources to regain control of its environment.
“Bose initiated incident-response protocols, activated its technical team to contain the incident, and hardened its defenses against unauthorized activity,” according to the letter, sent more than two months after the incident. “In conjunction with expert third-party forensics providers, Bose further initiated a comprehensive process to investigate the incident. Given the sophistication of the attack, Bose carefully, and methodically, worked with its cyber-experts to bring its systems back online in a safe manner.”
As is the case with many modern ransomware attacks, the cyberattackers may have purloined company data to ratchet up the pressure on the headphone- and speaker-maker. They were able to access HR files for six former employees, which included names, Social-Security numbers and compensation-related information, the team determined – but it’s unclear whether the data was successfully stolen.
Read more: Bose Admits Ransomware Hit: Employee Data Accessed | Threatpost
|