Bose is the latest in an unending parade of major companies to disclose that they’ve been the victim of a ransomware attack.
In the company’s breach notification letter, they indicated that they first detected the incursion on March 7th, 2021, with the attack itself having occurred on April 29th.
Additionally, as is quite common in these cases, the company indicated that they immediately began working with both law enforcement and a third-party cyber security agency to continue the investigation. According to the official notification, Bose did not pay the demanded ransom, and was able to restore their corporate network to full functionality with minimal disruption to the company’s business operations.
In terms of scope and scale, the company identified a small number of individuals whose data was impacted and notified everyone who was affected by mail. Based on the forensic analysis, the company determined that the files accessed by the hackers contained personal information related to an unspecified number of current and former employees, including names, social security numbers, salary, and other HR-related information.
In the aftermath of the attack, Bose took the following steps to further bolster their security:
The bottom line is, although unfortunate, the company’s handling of the incident has been commendable. We just hope that the day comes when there won’t be quite so many stories like this one.