American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang.
Headquartered in Chandler, Arizona, the chipmaker has around 123,000 customers from multiple industry sectors, including industrial, automotive, consumer, aerospace and defense, communications, and computing markets.
On August 20, Microchip Technology disclosed that operations at multiple manufacturing facilities were affected by a cyberattack discovered on August 17. The incident impacted the company’s ability to meet orders and forced it to shut down some of its systems and isolate the affected ones to contain the breach.
In a Wednesday filing with the U.S. Securities and Exchange Commission, Microchip Technology revealed that its operationally critical IT systems are now back online, with operations “substantially restored” and the company processing customer orders and shipping products for over a week.
Microchip Technology added that the attackers had stolen some employee data from its systems, but it has yet to find evidence that customer information was also exfiltrated during the breach.
“While the investigation is continuing, the Company believes that the unauthorized party obtained information stored in certain Company IT systems, including, for example, employee contact information and some encrypted and hashed passwords. We have not identified any customer or supplier data that has been obtained by the unauthorized party,” Microchip Technology said.
“The Company is aware that an unauthorized party claims to have acquired and posted online certain data from the Company’s systems. The Company is investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts.”
Attack claimed by Play ransomware
Microchip Technology is still evaluating the extent and impact of the cyberattack with help from external cybersecurity experts, and it is still restoring IT systems that were impacted in the incident. Although recovery work continues, the company says it’s been processing customer orders and shipping products for over a week.
Even though Microchip Technology is still investigating the nature and scope of the cyberattack, the Play ransomware gang claimed responsibility on August 29, when it added the American chipmaker to its data leak website on the dark web.
They claimed to have stolen a wide range of information from Microchip Technology’s compromised systems, including “private and personal confidential data, clients documents, budget, payroll, accounting, contracts, taxes, IDs, finance information,” and more.
The ransomware gang has since partially leaked the allegedly stolen data and threatened to leak the rest of it if the company doesn’t react to the leak.
Play ransomware emerged in June 2022, with initial victims seeking help through BleepingComputer’s forums. Play operators steal sensitive data from compromised systems to use in double-extortion schemes, putting pressure on victims to pay a ransom if they want to avoid having their data leaked online.
Notable Play ransomware victims include cloud computing company Rackspace, car retailer giant Arnold Clark, the Belgian city of Antwerp, the City of Oakland in California, and, most recently, Dallas County.
In collaboration with CISA and the Australian Cyber Security Centre (ACSC), the FBI also issued a joint advisory in December warning that this ransomware group had breached around 300 organizations globally as of October 2023.