NVIDIA this week acknowledged that employee credentials were stolen during a cyberattack on February 23 and confirmed the attackers have started leaking the information online.
The compromise occured on February 23 and impacted certain “IT resources,” an NVIDIA spokesperson told SecurityWeek.
“Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” the NVIDIA spokesperson added.
While the investigation into the incident continues, NVIDIA says that it hasn’t found evidence that ransomware was deployed on its network.
“We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online. Our team is working to analyze that information,” NVIDIA said.
A known ransomware gang called Lapsus$ claims to have stolen over 1 terabyte of data from NVIDIA. On a Telegram channel, the data-extortion gang confirmed it had started to publicly disclose the stolen data.
NVIDIA said it did not anticipate any business disruption. “Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily,” the spokesperson added.