fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Audio Maker Bose Discloses Data Breach After Ransomware Attack

Audio Maker Bose Discloses Data Breach After Ransomware Attack

Bose Corporation (Bose) has disclosed a data breach following a ransomware attack that hit the company’s systems in early March.

In a breach notification letter filed with New Hampshire’s Office of the Attorney General, Bose said that it “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across” its “environment.”

“Bose first detected the malware/ransomware on Bose’s U.S. systems on March 7, 2021,” the company added.

The audio maker hired external security experts to restore impacted systems after the attack and forensic experts to determine if any of its data was accessed or exfiltrated by the attackers.

Employees’ data accessed during the attack

While investigating the ransomware’s attack impact on its network, the audio maker discovered that some of its current and former employees’ personal information was accessed by the attackers.

“Based on our investigation and forensic analysis, Bose determined, on April 29, 2021, that the perpetrator of the cyber-attack potentially accessed a small number of internal spreadsheets with administrative information maintained by our Human Resources department,” Bose said.

Also Read: The DNC Registry Singapore: 5 Things You Must Know

“These files contained certain information pertaining to employees and former employees of Bose.”

Employe personal information exposed in the ransomware attack includes names, Social Security Numbers, compensation information, and other HR-related information.

While Bose did not find confirmation of the threat actors’ behind the incident exfiltrating data out of its network, the company says the attackers were able to interact with “a limited set of folders.”

No evidence of leaked stolen data on the dark web

“Bose has engaged experts to monitor the dark web for any indications of leaked data, and has been working with the U.S. Federal Bureau of Investigation,” the audio maker said.

“Bose has not received any indication through its monitoring activities or from impacted employees that the data discussed herein has been unlawfully disseminated, sold, or otherwise disclosed.”

After the ransomware attack, Bose took the following measures to defend against future attacks:

  • Enhanced malware/ransomware protection on endpoints and servers to further enhance our protection against future malware/ransomware attacks.
  • Performed detailed forensics analysis on impacted server to analyze the impact of the malware/ransomware.
  • Blocked the malicious files used during the attack on endpoints to prevent further spread of the malware or data exfiltration attempt.
  • Enhanced monitoring and logging to identify any future actions by the threat actor or similar types of attacks.
  • Blocked newly identified malicious sites and IPs linked to this threat actor on external firewalls to prevent potential exfiltration.
  • Changed passwords for all end-users and privileged users.
  • Changed access keys for all service accounts.

The company also sent breach notification letters to all individuals impacted by the ransomware incident on May 19.

Depending on the ransomware gang behind this attack, the incident could also lead to a data leak if employees’ info was also exfiltrated from Bose’s systems.

Right now, more than 20 ransomware gangs are known for stealing data from victims’ servers before encrypting their systems.

Bose is a privately-held consumer electronics company that manufactures audio equipment for entertainment and the aviation and automotive industries.

Also Read: How to Comply With PDPA: A Checklist For Business

A Bose spokesperson was not available for comment when contacted by BleepingComputer earlier today.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us