A well-known audio maker Bose, has reported the data breach after the ransomware attack during march this year.Tweet
Bose Corporation- a well-known audio system maker has disclosed the breach following to the successful ransomware attack. In the notification which was filed with New Hampshire’s office of the Attorney General, Bose stated “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”
The company added “Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021”. Bose Media Relations Director Joanne Berthiaume told the third party site, that they had recovered and secured their systems quickly with the support of external cybersecurity experts.
Bose had confirmed they also sent breach notifications letters to all the individuals affected by the incident.
“Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department,” Bose said.
The company had confirmed that they have not found the evidence of stolen data on the dark web and they had engaged the experts to monitor the dark web for any indications of leaked data. However, they had confirmed that employees personal data such as Social security number, Compensation information, and other HR related information was exposed.
After the successful breach, Bose had stated they took following measures to prevent future attacks:
- Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
- Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
- Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
- Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
- Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
- Changed passwords for all end-users and privileged users.
- Changed access keys for all service accounts.
–-For more Cyber security news in crisp content . Please follow our site.