Microchip Technology Incorporated, a leading American semiconductor manufacturer, has confirmed that a cyberattack in August 2024 resulted in the theft of sensitive data.
The company disclosed in a recent filing with the U.S. Securities and Exchange Commission that the breach affected its operations and compromised employee information, including contact details and some encrypted and hashed passwords. However, there is no evidence that customer or supplier data was accessed during the incident.
The cyberattack, which was discovered on August 17, 2024, forced Microchip to shut down certain systems and isolate affected servers to contain the breach. Despite these disruptions, the company has been able to restore its operationally critical IT systems and resume processing customer orders and shipping products for over a week.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial
The Play ransomware gang, known for its double-extortion tactics, claimed responsibility for the attack. This group typically encrypts victims’ files and threatens to release stolen data unless a ransom is paid.
The Playgroup has reportedly stolen a wide range of information from Microchip’s systems, including private and personal confidential data, client documents, and financial information. According to SEC Filling, some of this data has already been leaked online as part of the gang’s pressure tactics.
Microchip Technology is actively investigating the claims of data theft with assistance from external cybersecurity and forensic experts. The company is working diligently to bring the remaining affected portions of its IT systems back online while adhering to strict cybersecurity protocols.
Despite the ongoing investigation, Microchip does not currently believe that the cyberattack will materially impact its financial condition or operational results.
The incident underscores the growing threat of cyberattacks on semiconductor companies, which are critical to various industries, including automotive, aerospace, and consumer electronics.
Microchip Technology, with its extensive customer base and significant role in the global supply chain, is just one of several tech firms targeted by cybercriminals in recent years.
As the investigation continues, Microchip remains committed to safeguarding its systems and preventing future breaches. The company has notified employees, law enforcement, and regulators about the incident and is taking steps to enhance its cybersecurity measures.
What Does MITRE ATT&CK Expose About Your Enterprise Security? - Watch Free Webinar!