Bose disclosed that the US-based company has been subject to a data breach following a ransomware attack in early March. Some of the employees' information was accessed by the attackers. The premium audio equipment maker filed a breach notification letter with New Hampshire's Office of the Attorney General around mid-May. Upon discovering the breach, the company initiated incident response protocols to restore the impacted systems. Bose also took a series of measures to protect itself from future attacks. Another ransomware attack on Colonial Pipeline had recently forced the shutdown of the largest oil pipeline in the eastern US earlier this month.
According to a breach notification letter from the company, Bose first discovered the attack on March 7. The company's data from internal administrative human resources files relating to six former New Hampshire employees were accessed and potentially exfiltrated. The accessed information included the employees' name, Social Security Number, and compensation-related information.
Upon detecting the breach, Bose employed its technical team to contain the incident. The company also worked with external forensics providers to investigate the attack. Bose said in the letter that the threat actors interacted with a limited set of folders and the systems have been restored.
Bose offered 12 months of identity protection services to the affected employees.
To defend itself from future cyberattacks, Bose detailed the following measures in its letter:
The largest fuel network in the eastern US, Colonial Pipeline, was also forced to halt its operation earlier this month following a ransomware attack. The company paid $4.4 million (roughly Rs. 32.19 crores) in ransom to hackers following the attack.