Cyberattack Hits Microchip Technology, Employee Info Stolen

Microchip Technology has disclosed a cyberattack disrupting its operations across multiple manufacturing facilities.

The Chandler, Arizona-based company provided an update on the cyberattack in a filing with the U.S. Securities and Exchange Commission. Microchip Technology provides smart, connected and secure embedded control solutions.

According to Bleeping Computer, the Play ransomware gang claimed responsibility for the attack.

An unauthorized party disrupted Microchip Technology’s use of certain servers and business operations.

“The company has been processing customer orders and shipping products for over a week and a half,” it said. “Operationally critical IT systems are back online, and we have substantially restored our operations. The company continues to work diligently to bring the remaining affected portions of its IT systems back online while continuing to follow cybersecurity protocols.”

Information Taken from Microchip Technology IT Systems

While the investigation is ongoing, Microchip Technology said it believes that the unauthorized party obtained information stored in certain company IT systems, including, for example, employee contact information, and some encrypted and hashed passwords.

“We have not identified any customer or supplier data that has been obtained by the unauthorized party,” it said. “The company continues to investigate the nature and scope of the unauthorized access. The company has notified employees, law enforcement and regulators of the incident.”

Related:Critical Start Pinpoints Most Targeted Industries for Cyberattacks

Microchip Technology said it’s aware that an unauthorized party claims to have acquired and posted online certain data from its systems. It’s investigating the validity of this claim with assistance from its outside cybersecurity and forensic experts.

The full scope, nature and impact of the incident are not yet known, the company said. As of the date of its SEC filing, the company doesn’t believe the incident is likely to materially impact its financial condition or results of operations.

All the Makings of a Ransomware Attack

Erich Kron, security awareness advocate at KnowBe4, said while the actual nature of this incident has not been disclosed, it “certainly appears to have all of the makings of a ransomware attack.”

KnowBe4's Erich Kron

“Unfortunately, manufacturing organizations have a double threat when it comes to ransomware attacks,” he said. “Not only does modern ransomware tend to impact manufacturing capabilities, but it also generally steals data as well to increase their leverage during negotiations. This data that is stolen can often contain sensitive and proprietary design plans or manufacturing processes that can be a competitive advantage for the organization. If this information is leaked to the public or their competition, it could negatively impact their competitive advantages."

Related:CDK Global Cyberattacks Impact 15,000 Auto Dealerships, Enter 3rd Day

Because manufacturing organizations often work on a very tight deadline, coordinating the arrival of raw materials from vendors and the shipment of completed goods, disruptions to this flow can become very challenging, and catching up once the systems are back online can be very difficult, Kron said.

Paul Bischoff, consumer privacy advocate at Comparitech, said although Microchip Technology says that there's no evidence the stolen data was misused, employees should still assume the worst.

Comparitech's Paul Bischoff

“Change passwords and be on the lookout for targeted phishing messages, and take advantage of free credit monitoring or ID theft protection if it's offered,” he said. “The bigger question at this point is whether Play was able to steal anything that would put Microchip's clients at risk, such as information about vulnerabilities in its products. This is a serious threat considering Microchip's clients include defense, industrial and aerospace companies."