United States-based broadband and networking semiconductor maker MaxLinear this week revealed that some of its operational systems were infected with the Maze ransomware.
In an 8-K filing with the U.S. Securities and Exchange Commission (SEC), the company revealed that, although systems within its IT infrastructure were impacted, no interruptions were caused.
“The ransomware attack has not materially affected our production and shipment capabilities, and order fulfillment has continued without material interruption,” the company says.
Last week, MaxLinear started sending letters to impacted individuals to inform them of the attack, revealing that the incident was detected on May 24, but that the attackers likely had access to the company’s systems since at least April 15, 2020.
“We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems,” reads a copy of the letter, which the chip maker submitted to the State of California’s Attorney General.
During the time they dwelt in the company’s network, the attackers were able to access various types of data, including personal information of its employees.
Impacted data includes names, mailing addresses, personal and company emails, employee ID numbers, driver’s license numbers, financial account numbers, Social Security numbers, dates of birth, work locations, compensation and benefit information, dependent details, and date of employment.
The company has prompted an enterprise-wide password reset operation and is also working on improving its security programs.
MaxLinear says that it does not plan to “satisfy the attacker’s monetary demands,” although the Maze ransomware operators have already started releasing what appears to be financial data stolen from the company.
The organization is working with a third-party to evaluate the information posted by the hackers. It has already restored some of the affected systems and equipment, but the restoration effort is ongoing.
“Although we have incurred and will incur incremental costs as a result of forensic investigation and remediation, we do not currently expect that the incident will materially or adversely affect our operating expenses,” the company says.