Microchip Confirms Data Breach as Play Ransomware Leaks Stolen Docs

Microchip Technology Inc., a leading semiconductor manufacturer, disclosed a data breach following a cyberattack that compromised its IT infrastructure.

The attack, claimed by the Play ransomware group, forced the company to partially shut down operations while it worked to restore critical systems. In an SEC filing dated September 4, 2024, the company reported that the breach involved employee contact information and encrypted passwords, though no customer or supplier data was confirmed to be impacted.

The initial disruption occurred on August 20, 2024, when Microchip reported a server outage that affected its business operations. Since then, the company has restored most of its essential IT systems and resumed processing customer orders and shipping products. However, the investigation into the breach is ongoing, and external cybersecurity experts have been brought in to assess the scope and impact of the unauthorized access.

On August 29, the Play ransomware group took credit for the attack, listing Microchip Technology on its dark web leak site. The group claimed the theft of sensitive company information, including confidential employee data, financial records, contracts, and other proprietary documents. The threat actors threatened to leak the stolen data if their demands were not met within 48 hours, a threat which they carried out on time as promised.

The threat actors posted links on their extortion site on the dark web to download for free:

• Employee personal information, such as contact details.
• Confidential financial data, including budgets, payroll, and taxes.
• Sensitive company documents, including contracts and IDs.

Microchip Technology, headquartered in Chandler, Arizona, is a major player in the semiconductor industry, producing microcontroller and analog semiconductors for various industries, including automotive, industrial, and consumer electronics. The company's chips are essential to many high-tech products, which makes any disruption in its operations potentially impactful to supply chains worldwide.

Despite the severity of the breach, Microchip assured in its SEC filing that it does not expect the incident to have a material impact on its financial condition or results of operations. The company has notified law enforcement and regulators and is cooperating fully with the investigation.