September 5, 2024 at 07:12AM
Microchip Technology confirmed a recent ransomware attack resulting in stolen personal and other data. The company isolated the affected systems and filed an 8-K Form with the SEC, confirming the breach. Although certain data was stolen, the full extent of the impact and validity of ransomware group’s claims are still under investigation. Operations have partially resumed.
From the meeting notes, it is clear that Microchip Technology (NASDAQ: MCHP) suffered a ransomware attack where personal information and various data were stolen from its systems. The incident occurred on August 20, and the company informed the US Securities and Exchange Commission of the disruption to its servers and business operations.
The Play ransomware gang claimed responsibility for the attack and began leaking stolen data from the manufacturer, potentially due to a failed extortion attempt. The stolen data includes personal information, employee IDs, and business and financial documents.
Microchip confirmed the data breach in a filing with the SEC on September 4, stating that the cybercriminals obtained information stored in certain company IT systems, such as employee contact information and encrypted/hashed passwords. They indicated that no customer or supplier data had been obtained.
The company continues to investigate the incident with the assistance of outside cybersecurity and forensic experts. It has restored operationally critical IT systems and resumed order processing and product shipping, but the restoration process is ongoing. Additionally, the full extent of the incident and its potential financial impact are yet to be determined.