US-based semiconductor supplier Microchip Technology (NASDAQ: MCHP) has confirmed that personal information and other types of data was stolen from its systems during a recent ransomware attack.
The company disclosed the incident on August 20, when it informed the US Securities and Exchange Commission that certain servers and business operations had been disrupted. The company isolated the impacted systems to contain the attack.
Roughly a week later, the Play ransomware gang claimed responsibility for the assault, adding Microchip on its Tor-based website. Shortly after, the group started leaking data allegedly stolen from the manufacturer, likely because its extortion attempt failed.
The cybercriminals said they were able to siphon personal information, employee IDs, and various business and financial documents.
On September 4, Microchip filed an 8-K Form with the SEC, confirming that certain data was indeed stolen from its network, underlining that its investigation into the matter continues.
“The company believes that the unauthorized party obtained information stored in certain company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorized party,” Microchip told the SEC.
The semiconductor maker also noted that it was aware of the Play ransomware group’s claims.
“The company is aware that an unauthorized party claims to have acquired and posted online certain data from the company’s systems. The company is investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts,” Microchip said.
The company also noted that it has yet to determine the full extent of the incident and whether the attack would have a material impact on its financial condition or results of operations.
Microchip also revealed that it has restored operationally critical IT systems and that it has resumed order processing and product shipping, but said that the restoration process has not been completed.
Related: City of Columbus Sues Researcher Who Disclosed Impact of Ransomware Attack
Related: Dick’s Sporting Goods Says Sensitive Data Exposed in Cyberattack
Related: 950,000 Impacted by Young Consulting Data Breach
Related: Seattle Airport Blames Outages on Possible Cyberattack
