Microchip Technology Incorporated has acknowledged that employee data was compromised in a cyberattack on its systems, which was attributed to the Play ransomware gang following an attack in August.
Headquartered in Chandler, Arizona, the chipmaker serves approximately 123,000 customers across a diverse range of industries, including industrial, automotive, consumer, aerospace and defense, communication, and computing markets.
As of August 20, the operations at multiple manufacturing facilities were disrupted due to a cyberattack detected on August 17. The breach had a significant impact on the corporation’s ability to fulfill customer orders, forcing it to discontinue certain programs and quarantine those affected by the incident.
On Wednesday, submitting to the U.S. Securities and Alternative Fee, Microchip Knowledge announced that it has successfully brought back online its operationally critical IT systems, reporting “substantial restoration” of operations, which have been processing customer orders and delivering products for over a week.
Microchip Technology revealed that attackers stole employee data from its systems, but thus far, it has not found evidence that customer information was also compromised during the breach.
“While the investigation remains ongoing, the Firm suspects that an unauthorized social gathering accessed sensitive information stored within certain Firm IT systems, including employee contact details and some encrypted and hashed passwords.” Notably, no buyer or provider information acquired through an unauthorized gathering has been identified.
The Firm acknowledges that an unauthorized social event has allegedly obtained and published confidential data from its systems online. The firm is conducting a thorough examination into the legitimacy of this declaration, leveraging expertise from its external cybersecurity and forensic specialists.
Assault claimed by Play ransomware
Microchip Technology is actively assessing the scope and impact of the cyberattack with the assistance of external cybersecurity experts. Restoration efforts are focused on reviving IT programs that were compromised during the incident. Despite ongoing efforts to recover from the attack, the company confirms that it has successfully processed customer orders and shipped products for more than a week.
Despite ongoing investigations into the nature and extent of the cyberattack by Microchip Know-how, the Play ransomware gang publicly took credit for the breach on August 29, posting the American chipmaker’s details on their information leak website in the darknet.
Hackers allegedly infiltrated Microchip Know-how’s vulnerable systems, gaining unauthorized access to a broad range of sensitive data, including confidential business records, customer documents, financial statements, employee personal information, contract details, tax records, identification credentials, and other proprietary financial data.
The ransomware group has partially released the supposedly pilfered data and issued a veiled warning that they will publicly disseminate the balance of the compromised information unless the company takes immediate action to address their demands.
emerged in June 2022, with preliminary victims seeking assistance through Ruthless actors exploit vulnerabilities in compromised software to pilfer sensitive data, using it as leverage in double-edged extortion tactics, coercing victims into paying hefty ransoms to prevent their confidential information from being publicly exposed.
Noted Play ransomware victims, including a cloud computing firm, an automotive retailer, and companies in California, most recently affected by this malicious attack.
In collaboration with CISA and the Australian Cyber Safety Centre, the FBI issued a joint warning in December that this ransomware group had compromised approximately 300 global organizations by October 2023.
