Audio equipment maker Bose discloses a ransomware attack


Employee SSNs and financial information were exposed

The audio equipment manufacturer Bose Corporation disclosed that it was a victim of a ransomware attack that took place on March 7.

Bose filed a breach notification letter according to which the company was hit by a sophisticated cyber attack and the threat actors deployed ransomware within its infrastructure.

Bose first detected the malware on its U.S. systems on March 7, 2021. Soon after they discovered the security breach, an incident response procedure was initiated and they also launched an investigation into the incident. 

The company did not provide more details about the attack such as the family of ransomware that infected its systems.

The company discovered that the ransomware operators managed to access and exfiltrate data from internal administrative human resources files relating to 6 former New Hampshire employees of Bose Corporation.

The exposed data include the employees’ names, Social Security Numbers, compensation information, and comparable HR-related information

The company hired external security experts and forensic experts to determine the extent of the attack and restore the impacted systems. They did not make any ransom payments and recovered the encrypted files from its backups with the support of third-party cybersecurity experts.

The audio maker announced that they have taken additional measures to increase the cyber security and prevent future attacks which includes:

  • Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyse the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end users and privileged users.
  • Changed access keys for all service accounts.


Please enter your comment!
Please enter your name here