Microchip Technology acknowledges data was stolen in cyberattack
American chip and semiconductor manufacturer Microchip Technology confirms that hackers stole confidential information that was stored on company servers.
Last month, the Arizona-based tech company told the Securities and Exchange Commission (SEC) that an unauthorized party was detected and performed ‘potentially suspicious activity’ on some of its computer systems.
The company however couldn’t say at the time whether corporate information had been stolen or not. To answer that question, Microchip Technology had to investigate the security incident some more.
In a new 8-K filing, the chipmaker provides us with an update. It says there’s evidence the threat actor did steal personal and sensitive information.
“While the investigation is continuing, the company believes that the unauthorized party obtained information stored in certain company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorized party,” the filing says.
Microchip Technology promises to continue the investigation and will keep employees, stakeholders, law enforcement agencies, and regulators in the loop.
In the meantime, BleepingComputer found out that the Play ransomware operation has claimed responsibility for the attack on Microchip Technology on its leak website on the dark web. The hacking group claims to have stolen private and personal confidential data, client documents, financial information, contracts, employee IDs, and more.
The Play ransomware group states that part of the data has been published and threatens to leak the rest if the company doesn’t react.
Microchip Technology says it’s investigating the validity of this claim in accordance with cybersecurity and forensic experts.
“As the company’s investigation is ongoing, the full scope, nature, and impact of the incident are not yet known. As of the date of this filing, the company does not believe the incident is reasonably likely to materially impact the company’s financial condition or results of operations,” the filing concludes.
Your email address will not be published. Required fields are marked