American semiconductor manufacturer Microchip Technology Incorporated has confirmed that sensitive employee data was compromised during a cyberattack in August, which was later attributed to the Play ransomware group.
Based in Chandler, Arizona, Microchip serves approximately 123,000 clients across various sectors such as industrial, automotive, consumer electronics, aerospace and defense, communications, and computing.
On August 20th, Microchip Technology announced that it had experienced a cyber incident affecting several of its manufacturing sites. The breach was detected on August 17th and disrupted the company’s operations significantly. As a precautionary measure to contain the breach’s impact, certain systems were shut down and isolated.
In a filing with the U.S. Securities and Exchange Commission (SEC) on Wednesday, Microchip reported that its critical IT systems have been restored to functionality. The company indicated that operations are “substantially restored,” allowing it to resume processing customer orders and shipping products for over a week now.
While some employee information was confirmed as stolen during this incident—such as contact details and encrypted passwords—Microchip stated there is currently no evidence suggesting that customer or supplier data has been compromised.
The company noted: “While our investigation is ongoing, we believe unauthorized individuals accessed specific information within our IT systems. This includes employee contact details along with some encrypted passwords. We have not found any indication of customer or supplier data being taken.” Furthermore, they acknowledged awareness of claims made by an unauthorized party regarding the acquisition of certain company data online; they are actively investigating these claims with assistance from cybersecurity experts.
Cyberattack Attributed to Play Ransomware Group
Microchip Technology continues to assess the full extent of this cyberattack with support from external cybersecurity professionals while working diligently on restoring affected IT systems. Despite ongoing recovery efforts post-incident, the firm has successfully resumed processing orders for customers for more than a week now.
Although investigations into the attack’s nature are still underway at Microchip Technology’s end, responsibility for the attack was claimed by Play ransomware on August 29 when they listed Microchip on their dark web leak site.
The group asserted they had extracted extensive information from compromised systems at Microchip Technology—including confidential personal data related to employees as well as sensitive documents concerning budgets and payrolls among other financial records.
Since then, Play ransomware has partially released some of this purportedly stolen information online while threatening further disclosures unless their demands are met by the company involved.
Emerging in June 2022 initially through victims seeking assistance via BleepingComputer forums; Play operators engage in double-extortion tactics where sensitive data is exfiltrated from breached networks compelling victims into paying ransoms under threat of public exposure of their private information online.
Noteworthy organizations previously targeted by Play ransomware include cloud service provider Rackspace; major car retailer Arnold Clark; municipal authorities like Belgium’s city Antwerp; California’s City Oakland; alongside Dallas County where personal records affecting around 200 thousand individuals were exposed due to similar attacks earlier this year.
In collaboration with CISA (Cybersecurity & Infrastructure Security Agency) along with Australia’s Cyber Security Centre (ACSC), FBI officials issued an advisory last December indicating that approximately 300 organizations worldwide had fallen victim to breaches orchestrated by this particular ransomware group up until October 2023.
