American semiconductor giant Microchip Technology Incorporated has confirmed that sensitive employee information was stolen during a cyberattack that targeted the company in August 2024. The breach, later claimed by the Play ransomware gang, has put employee data in the spotlight, raising concerns about the security of internal systems within the semiconductor industry.
According to a Wednesday filing with the United States Securities and Exchange Commission (SEC), Microchip has identified that attackers gained access to employee contact information, alongside some encrypted and hashed passwords stored in its systems.
While the breach did not affect customer or supplier data, the stolen employee details raise significant concerns about privacy and potential future attacks, particularly if the encrypted passwords can be cracked or used in phishing campaigns.
“While the investigation is continuing, the company believes that the unauthorised party obtained information stored in certain company IT systems, including, for example, employee contact information and some encrypted and hashed passwords,” Microchip said in the filing. “We have not identified any customer or supplier data obtained by the unauthorised party.”

The Play ransomware gang, which claimed responsibility for the attack, has already leaked some of the stolen data on its dark web forum and is threatening to release more if the company does not respond, reports BleepingComputer.
The threat actors are known for executing double-extortion schemes, in which they steal data from their victims and threaten to release it unless a ransom is paid. On its web page, the Play ransomware gang claims to have stolen confidential information, including “private and personal confidential data, client documents, payroll, accounting contracts, taxes, and finance information.”
Targeting employee data, rather than just operational or customer information, is becoming an increasingly common tactic among ransomware groups. Stolen employee data can be used for malicious purposes, including identity theft, spear-phishing campaigns, and fraud.
Additionally, access to stored passwords, even encrypted and hashed ones, poses a significant risk if attackers can decrypt, crack or otherwise exploit them in future attempts to access internal systems.