Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March.

In a breach notification letter filed with New Hampshire’s Office of the Attorney General, Bose said that it “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”

“Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021,” the company added.

The audio maker hired external security experts to restore impacted systems after the attack and forensic experts to determine if any of its data was accessed or exfiltrated by the attackers.

Employees’ data accessed during the attack

While investigating the ransomware attack’s impact on its network, the audio maker discovered that some of its current and former employees’ personal information was accessed by the attackers.

“Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department,” Bose said.

“These files contained certain information pertaining to employees and former employees of Bose.”

Employee personal information exposed in the ransomware attack includes names, Social Security Numbers, compensation information, and other HR-related information.

While Bose did not find confirmation of the threat actors behind the incident exfiltrating data out of its network, the company says the attackers were able to interact with “a limited set of folders.”

No evidence of leaked stolen data on the dark web

“Bose has engaged experts to monitor the dark web for any indications of leaked data, and has been working with the U.S. Federal Bureau of Investigation,” the audio maker said.

“Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed.”

After the ransomware attack, Bose took the following measures to defend against future attacks:

  • Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • Changed access keys for all service accounts.

The company also sent breach notification letters to all individuals impacted by the ransomware incident on May 19.

Depending on the ransomware gang behind this attack, the incident could also lead to a data leak if employees’ info was also exfiltrated from Bose’s systems.

Right now, more than 20 ransomware gangs are known for stealing data from victims’ servers before encrypting their systems.

Bose is a privately-held consumer electronics company that manufactures audio equipment for entertainment and the aviation and automotive industries.

A Bose spokesperson was not available for comment when contacted by BleepingComputer earlier today.