Bose was the latest hit, according to an article published by Cyberscoop. Employee data was apparently exfiltrated, and Bose did not pay a ransom according to the Cyberscoop article.
While the article talks briefly about the Colonial Pipeline attack and how easy it was to spot, some may not be easy to spot or even deal with unless the company reports it.
This is not really what I think is best. Companies need to report incidents especially if it involves the potential exfiltration of personal data.
I’ve published several post-mortem reports on my blog after certain incidents, and I think this is the right thing to do. You can search post-mortem and find them all.
Read more on the Bose situation, and let me know what you think. Ransomware forced Bose systems offline, exposed personal data of 6 former employees is the article. What do you think? What is the appropriate response?