MaxLinear, a hardware company based in the United States that manufactures systems-on-chip (SoCs), has confirmed that parts of the firm’s systems were recently encrypted by cybercriminals using the notorious Maze Ransomware.
The encryption took place last month, but the infiltration and initial breach date back further, to April.
MaxLinear is a provider of analogue, mixed-signal and RF integrated circuits used in a range of applications, including industrial, home and enterprise infrastructure. The company made headlines in April this year when Kishore Seendripu, its CEO, announced new plans to “acquire Intel’s Home Gateway Platform Division” later in the year, following net revenue of $62m (£49.6m) in the first quarter of 2020.
Proper protocol following a data breach
On June 10th, in line with regulatory legislation, the company alerted individuals impacted by the breach, stating the cyberattack was first identified on May 24th.
The notification stated:
“We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems. Our investigation to-date has identified evidence of unauthorised access to our systems from approximately April 15, 2020, until May 24, 2020.”
The enterprise also commented that it had managed to restore parts of its systems impacted by the breach and that its IT personnel were now working to bring back the remainder.
Personally identifiable information exposed
Maze Ransomware operators claimed to have stolen one terabyte of data before they encrypted the SoC maker’s systems, barring access. On June 15, as proof of their attack, the threat actors exposed 10.3 gigabytes of sensitive information that included both financial and accounting data.
The notification from MaxLinear stated that the leaked information could potentially comprise both financial details and personally identifiable information (PII). Examples of exposed PII were listed as:
“…name, personal and company email address and personal mailing address, employee ID number, driver’s license number, financial account number, Social Security number, date of birth, work location, compensation and benefit information, dependent, and date of employment.”
The chipmaker also stated that the incident has involved a company-wide password reset and that law enforcement agencies have been informed of the ransomware attack and data breach.
Documents filed in June with the US Securities and Exchange Commission (SEC) confirm that the malicious attack by Maze Ransomware operators did not negatively impact the chipmaker’s production schedule or its capability to fulfill customer orders. The company stated in the submitted SEC files that while it would inevitably incur additional costs for systems remediation and forensic investigation, it did not believe the incident would adversely or materially affect MaxLinear’s operating expenses.
A spokesperson for the firm commented:
“We carry cybersecurity insurance, subject to applicable deductibles and policy limits.”
MaxLinear has confirmed it has no intention of paying the ransom demanded by the cybercriminals in return for not leaking the stolen information. The sum requested by Maze has yet to be disclosed.