The malware was first detected on the company's U.S. systems on March 7. Bose stated in a breach notification letter sent to the New Hampshire’s Office of the Attorney General that it “experienced a sophisticated cyber-incident that resulted in the deployment of malware/ransomware across" its "environment.”
No ransom payment was made, said Joanne Berthiaume, Bose’s director for media relations. "We recovered and secured our systems quickly with the support of third-party cybersecurity experts."
During an investigation, the company found that some of the personal information of their former and current employees was accessed by the hackers. The incident compromised information such as Social Security Numbers, names, HR-related information and compensation information. However, there is no evidence suggesting that any of the data has been leaked or sold, Bose said.
The company implemented several cybersecurity measures after the ransomware attack and sent breach notification letters to affected individuals.