Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March. In a breach notification letter filed with New Hampshire’s Office of the Attorney General, the consumer electronics company said that it ‘experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across its ‘environment’.
Commenting on the story is Robert Golladay, an EMEA and APAC Director at Illusive: “This incident is unfortunate for Bose and the individuals whose personal data was exfiltrated. However, Bose deserves praise for its transparency in establishing and truing up its security controls. The communication should give its customers, suppliers and employees comfort that something is being done. Also, kudos for not paying a ransom and for having the appropriate backups in place. With that said, the time to put in controls for early detection and prevention of lateral movement is before these attacks occur, not after. Clearly the attackers were adept at finding ‘at risk’ data and taking advantage of the lack of attack detection and prevention. Another unfortunate example of an ever-widening criminal enterprise.”Click below to share this article