Nvidia has confirmed that hackers stole sensitive data from its networks, including worker credentials and personal company information, during last week’s cyberattack and are now “ leaking it online,” a spokesman told TechCrunch on Tuesday.
Nvidia declined to say what data was stolen during the attack, which first came to light on Friday. Still, a ransomware outfit called “ Lapsus$” has taken responsibility for the breach on its Telegram channel and claims to have stolen 1 terabyte of information, including “ largely nonpublic/ secret data” and personal source law. According to posts from the group, this includes source law for Nvidia’s hash rate limiter, which reduces the Ethereum mining performance of the company’s RTX 30-series plates cards.
Though fairly unknown, the Lapsus$ hang first surfaced on the ransomware scene in December with an attack on Brazil’s Ministry of Health that stole 50 terabytes of data, including citizens vaccination information. Since also, the gang has targeted Portuguese media group Impresa and South American telecommunication providers Claro and Embratel.
“ Some experimenters believe the gang is grounded in South America, but I ’m not sure how solid the substantiation is pointing to that,” Brett Callow, trouble critic at Emsisoft, tells TechCrunch. “ So far they appear to be kindly dilettantish, which could indicate that the individualities involved aren’t endured cybercriminals.”
Nvidia, which also declined to say who it believes is responsible for the attack, says it came apprehensive of the vicious intrusion on February 23, which urged theU.S. chipmaker to notify law enforcement and hire cybersecurity experts to help it respond to the attack.
Although the breach passed a day before the Russian irruption of Ukraine, which urged some to presume that the attack may have been connected to Russian state- patronized hackers, Nvidia added that it has “ no substantiation that this is related to the Russia-Ukraine conflict.”
The company says it’s now working to dissect the information that has been stolen and latterly blurted, but says it “ does not anticipate any dislocation to our business or our capability to serve our guests as a result of the incident.” Reports last week had claimed that the cyberattack caused the company’s dispatch systems and inventor tools to go offline for two days.
“ Security is a nonstop process that we take veritably seriously at Nvidia — and we invest in the protection and quality of our law and products daily,” the Nvidia prophet added.