Chipmaker Microchip Technology reports cyberattack impacting operations

Microchip Technology Incorporated, an American chipmaker based in Chandler, Arizona, is reporting a cyberattack that occurred over the weekend (17th-18th of August).

The attack disrupted activities at several of the company’s manufacturing facilities, leading to reduced operational capacity and affecting its ability to fulfill customer orders.

The company detected unusual activity within its IT systems on August 17, 2024. They initiated containment measures, including shutting down certain systems and isolating the affected servers. On August 19, 2024, Microchip confirmed that unauthorized access had compromised several servers, leading to a disruption of its business operations.

Microchip Technology has engaged external cybersecurity experts to assist in evaluating the full extent and impact of the attack. The company is working to restore affected systems and resume normal operations.

The investigation remains ongoing, and the complete scope of the incident, including its potential financial impact, is unclear. While the company has not officially identified the nature of the breach, there are indications that it could be a ransomware attack, though no group has claimed responsibility as of yet.

At this time, Microchip Technology has not provided further details regarding the exposed data or the number of affected individuals.

Update - as of 28th of August 2024, the ransomware gang "Play" is claiming responsibility for the cyberattack. They added Microchip to its list of breached organizations on the dark web.

Microchip Technology confirmed that it is aware of the claims made by the group and that it has notified law enforcement. The company is actively investigating the breach and working on remediation with the help of external cybersecurity advisors.

Play claims it infiltrated Microchip’s internal systems and stole sensitive data, including:

• personal information,
• budget details, payroll,
• accounting data.

As of 29th of August 2024, Play gang started leaking data allegedly stolen from the company on August 29.

As of 4th September 2024, Microchip Technology confirmed that personal and other sensitive information had been stolen from its systems in a ransomware attack.

The stolen data includes:

• Personal information,
• Employee IDs,
• Business and financial documents,
• Employee contact information,
• Some encrypted and hashed passwords.

Microchip Technology claims that while certain data was stolen, no customer or supplier data has been identified as compromised.

The company has notified affected employees, law enforcement, and regulators. No details are disclosed about the number of affected individuals.

As of 7th of November 2024, Microchip Technology reported $21.4 million in expenses related to the cybersecurity incident in its latest financial report.