Microchip Technology has acknowledged that employee information was stolen from vulnerable systems in an August incident. The Play ransomware group later claimed responsibility.
The chipmaker, headquartered in Chandler, Arizona, serves over 123,000 clients across a variety of industries, including industrial, automotive, consumer, aerospace and defence, communications, and computing.
On August 20, Microchip Technology revealed that a cyberattack discovered on August 17 has disrupted operations across multiple production plants. The incident hampered the company's capacity to meet orders, forcing it to shut down parts of its systems and isolate those affected in order to manage the breach.
In a Wednesday filing with the Securities and Exchange Commission, Microchip Technology stated that its operationally critical IT systems are now functioning, with operations "substantially restored" with the firm processing customer orders and shipping products for more than a week.
Microchip Technology also stated that the attackers acquired some staff data from its systems, but it has yet to find proof that customer information was also compromised during the intrusion.
"While the investigation is continuing, the Company believes that the unauthorized party obtained information stored in certain Company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorized party," Microchip Technology stated.
"The Company is aware that an unauthorized party claims to have acquired and posted online certain data from the Company's systems. The Company is investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts,” the chipmaker added.
Investigating Play ransomware claim
Microchip Technology continues to assess the scope and consequences of the cyberattack with external cybersecurity consultants. Restoring IT systems affected by the incident is currently ongoing. The company claims that it has been processing customer orders and delivering products for more than a week, despite the fact that it is still working on recovery after the attack.
Even though Microchip Technology is still investigating the origin and scope of the hack, the Play ransomware gang claimed credit on August 29 by including the American chipmaker on its dark web data dump website.
The ransomware outfit claimed that it had stolen "private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information," among other things, from the infiltrated systems of Microchip Technology.
Since then, the ransomware group has disclosed some of the allegedly stolen material and threatens to release the remaining portion if the company does not respond to the leak.
Notable Play ransomware victims include cloud computing firm Rackspace, car merchant Arnold Clark, the Belgian city of Antwerp, the City of Oakland in California, and, most recently, Dallas County.