Security News > 2021 > May > Bose Admits Ransomware Hit: Employee Data Accessed

High-end audio-tech specialist Bose has disclosed a ransomware attack, which it said rippled "Across Bose's environment" and resulted in the possible exfiltration of employee data.

"In conjunction with expert third-party forensics providers, Bose further initiated a comprehensive process to investigate the incident. Given the sophistication of the attack, Bose carefully, and methodically, worked with its cyber-experts to bring its systems back online in a safe manner."

As is the case with many modern ransomware attacks, the cyberattackers may have purloined company data to ratchet up the pressure on the headphone- and speaker-maker.

"On the positive, they acknowledged the attack, contacted the affected individuals directly, and offered up a small concession. What lacked in the Bose response was faster response time, as more than 60 days passed between when the breach was detected and when the affected individuals were notified. Additionally, they could have taken more responsibility for the attack and laid out a clear plan for how they would prevent these future attacks from happening."

Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt;.

It's unclear which ransomware gang hit Bose, but the process of exfiltrating information under cover of the ransomware attack itself is increasingly common.

News URL

https://threatpost.com/bose-ransomware-employee-data/166443/