The Play ransomware group has leaked more than 5GB of sensitive data that it allegedly stole from Microchip Technology (NASDAQ: MCHP), a semiconductor supplier in the US. Last week, Microchip disclosed in a regulatory filing that the cyberattack disrupted operations at several of its manufacturing plants, causing delays in assembly lines.
Microchip technology, which serves 123,000 customers in a variety of critical industries, including automotive and aerospace, has been the target of a prominent cybercrime group since it appeared in June 2022. Play ransomware, which is notoriously blind to organizations such as A10 Networks and Rackspace, listed the Microchip on its dark website on August 27; the first data leak happened just two days later, on August 29.
The leaked information reportedly included personal information, IDs, and documents relating to customers, budgets, accounting, payroll, contracts, and taxes. However, the hackers say this is only a fraction of what they stole and threaten to release more unless their demands are met.
Let’s take an example to understand more. Imagine a burglar not only stealing valuables from your home but threatening to reveal all your secrets, unless you pay for it. The situation is dire, not just for the Microchip, but all organizations are at risk of a similar attack. This case highlights the urgent need for robust cybersecurity measures to protect sensitive resources and sensitive data against increasingly sophisticated cyber threats.
