Ransomware attack on Bose exposes employees’ SSN and financial information

Ransomware attack on Bose exposes employees’ SSN and financial information

In a letter to New Hampshire Attorney General John Formela, audio equipment company Bose revealed that it was hit by a ransomware attack on March 7.

The letter didn’t say what kind of ransomware it was or who exactly was behind the attack, but the company explained that it “experienced a complex cyber incident that was deployed across Bose’s environments. Malware/Ransomware.”

On April 29, Bose and analysts determined that those behind the attack managed to gain access to internal administrative human resources documents, social security numbers, addresses and compensation information for some employees, including six employees who lived in New Hampshire.

The company said it could not confirm whether files or information were stolen from the system by those behind it. It is also unclear whether Bose paid the ransom.

In the letter, Bose said it was currently working with a private security firm and the FBI to search the dark web for any leaked information, but found no indication that its data had been compromised.

The company has now implemented “enhanced malware/ransomware protection” on network endpoints and servers, while blocking the lateral movement of malicious files during an attack, and deployed monitoring tools to monitor subsequent attacks, among other things.

On May 19, Bose also sent a letter to all those affected by the ransomware incident, telling them to stay vigilant and monitor their accounts, and the six employees living in New Hampshire also received 12 months of free IdentityForce identity protection. Serve.

Cybersecurity experts say it’s important to mandate that companies hit by ransomware be forced to report the attack, which can help other involved companies protect themselves from similar attacks in a timely manner.

Gurucul CEO Saryu Nayyar praised Bose for publicly disclosing the attack, but noted problems with the timeline of events the company described in the announcement.

It is important to share the attacker’s dynamics so that it can attract the attention of the necessary authorities and cyber defense experts to mitigate the knock-on effects of an attack. Bose’s announcement was very detailed, however, the timeline for the disclosure was worrisome. It took Bose a month and a half to discover what data was being accessed and potentially compromised, and another three weeks to start notifying affected individuals. Bose’s response time to the attack was so long that attackers could do whatever they wanted with the leaked data during that time.

Other experts also pointed to Bose’s lengthy response time, which could endanger other businesses and individuals affected by the data breach.

Pathlock president Kevin Dunne said Bose could have responded faster and took more responsibility for the attack, while also having a clear plan to prevent future attacks like this from happening again.

All businesses should learn from this attack – keep critical business data in applications that can be managed and monitored, not in spreadsheets or other unmanaged databases, employee data like customer, financial or knowledge Property-related data is also sensitive data. Businesses should invest in human resource management systems and ensure they have good access controls and data loss prevention measures in place to reduce the risk of potential data breaches by employees.

He added that attitudes are widely divided for stakeholders involved in cybersecurity attacks.

He explained that some companies are being overly cautious in reporting attacks on their systems because they want to avoid attracting further attacks, or compromising on ransomware gangs.

Regardless, employees affected by an attack that compromised their data should be notified as soon as possible so they can monitor any unusual activity in the compromised accounts. He told ZDNet: “Shareholders are often very tangled because disclosing information about a breach often results in a Sharp drop in share prices, but on the other hand, when the public is informed about breaches earlier, companies can better manage expectations.

Jack Mannino, chief executive of nVisium, said different administrative states and industries have different requirements for reporting incidents. But he urged any attacked companies to proactively notify victims to avoid appearing passive in the aftermath.

Experts such as Shared Assessments CISO Tom Garrubba say there is a misunderstanding by some companies about the importance of disclosure, arguing that it is only when publicly traded (public companies) or operating in a regulated environment Violation information needs to be disclosed.

No matter what industry your business is in, whether it’s public or not, the practice of covering up or delaying disclosure of incidents can hinder the ability to improve cyber hygiene and defend against future attacks in the long run. Many businesses have a fluke mentality that they won’t be struck twice by lightning and refuse to invest the right amount of money to improve their cybersecurity posture. This creates a false sense of security by under-reporting. However, if you are unfortunate enough to suffer another cyberattack, previous under-reporting and delays will be exposed, which will cause very serious damage to the brand and reputation of the business. In today’s digital age, the key to business success is increasing transparency and customer trust, which is the ‘currency’ of global communications.

The Links:   G121I1-L01 ZUW252412