
Bose victim of ransomware attack

May 26, 2021

In a breach notification letter filed with New Hampshire's Office of the Attorney General, Bose said that in early March 2021, the company "experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment."

At the time, Bose initiated incident response protocols, activated its technical team to contain the incident and hardened its defense against unauthorized activity. In conjunction with expert third-party forensics providers, Bose initiated a comprehensive process to investigate the cyberattack, and worked with its cyber experts to bring its systems back online. As the system was restored, the company worked with forensic experts to determine the data that was accessed and exfiltrated.

While investigating the ransomware attack's impact on its network, the audio maker discovered that some of its current and former employees' personal information was accessed by the attackers. The personal information contained in these files included names, Social Security numbers, and compensation-related information. According to Bose, the threat actor had access to a "limited set of folders within these files."

The company has no evidence to confirm that the data contained in these files was successfully exfiltrated, but it was also unable to confirm that it was not.

The company has also engaged experts to monitor the dark web for any indications of leaked data and has coordinated with the U.S. Federal Bureau of Investigation. Currently, there is no indication through its monitoring activities or from impacted employees that the data that was accessed has been "unlawfully disseminated, sold, or otherwise disclosed."

In addition to offering impacted New Hampshire individuals identity protection services for 12 months, free of charge, Bose sent notification letters about the incident to the affected individuals on May 19, 2021.

Kevin Dunne, President at Pathlock, a Flemington, New Jersey-based provider of unified access orchestration, explains, "When addressing the Bose communication directly, there are both some positives and negatives to how they handled the communication to affected individuals. On the positive, they acknowledged the attack, contacted the affected individuals directly, and offered up a small concession (12 months of identity protection). What lacked in the Bose response was faster response time, as more than 60 days passed between when the breach was detected and when the affected individuals were notified. Additionally, they could have taken more responsibility for the attack and laid out a clear plan for how they would prevent these future attacks from happening."

Regardless, says Dunne, there is a lesson learned from this attack for all enterprises: "Keep your business critical data in the applications where it can be managed and monitored, not in spreadsheets or other unmanaged databases. Employee data is sensitive data just like customer, financial, or IP related data. Enterprises should invest in a HRM system and make sure that they have good access control and data loss prevention in place against their HRM. This way, the risk of potential damage from employee data loss can be minimized."

According to Bose, the company has enhanced malware and ransomware protection on endpoints and servers to protect against future attacks. It has also performed detailed forensics analysis on impacted server to analyze the impact of malware and ransomware, blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt, enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks, blocked newly identified malicious sites and IPs linked to the threat actor on external firewalls to prevent potential exfiltration, changed passwords for all end users and privileged users, and changed access keys for all service accounts.

Joseph Carson, chief security scientist and Advisory CISO at ThycoticCentrify, a Washington, D.C.-based provider of cloud identity security solutions, explains, "Ransomware attacks are on the rise and evolving into a very dangerous digital weapon. Not only are they on the rise, they are becoming more successful, more damaging and the ransom demands are increasing into tens of millions of dollars. Ransomware and data theft continue to be the biggest threats to organizations around the world and no one is immune."

In addition, Carson says, "Bose has demonstrated strong communication and transparency around the attack and demonstrates yet again why clear communication is critical during security incidents. Working with industry experts and law enforcement ensures that they can quickly restore business operations with data integrity as well as help others prevent such incidents occurring further."

"The hard requirement for reporting depends on many things including industry, location, compliance scope, and the breach’s impact," says Jack Mannino, CEO at nVisium, a Falls Church, Virginia-based application security provider. "Companies that are forthcoming about breaches, and demonstrate a genuine desire to harden their defenses proactively, avoid some of the scrutiny that inevitably comes when an organization attempts to construct their own narratives based on limited public information."

 

Copyright ©2025. All Rights Reserved BNP Media.
