[BreachExchange] U.S. Semiconductor Maker MaxLinear Discloses Ransomware Attack

[Destry Winant]

https://www.securityweek.com/us-semiconductor-maker-maxlinear-discloses-ransomware-attack

United States-based broadband and networking semiconductor maker
MaxLinear this week revealed that some of its operational systems were
infected with the Maze ransomware.

In an 8-K filing with the U.S. Securities and Exchange Commission
(SEC), the company revealed that, although systems within its IT
infrastructure were impacted, no interruptions were caused.

“The ransomware attack has not materially affected our production and
shipment capabilities, and order fulfillment has continued without
material interruption,” the company says.

Last week, MaxLinear started sending letters to impacted individuals
to inform them of the attack, revealing that the incident was detected
on May 24, but that the attackers likely had access to the company’s
systems since at least April 15, 2020.

“We immediately took all systems offline, retained third-party
cybersecurity experts to aid in our investigation, contacted law
enforcement, and worked to safely restore systems in a manner that
protected the security of information on our systems,” reads a copy of
the letter, which the chip maker submitted to the State of
California’s Attorney General.

During the time they dwelt in the company’s network, the attackers
were able to access various types of data, including personal
information of its employees.

Impacted data includes names, mailing addresses, personal and company
emails, employee ID numbers, driver’s license numbers, financial
account numbers, Social Security numbers, dates of birth, work
locations, compensation and benefit information, dependent details,
and date of employment.

The company has prompted an enterprise-wide password reset operation
and is also working on improving its security programs.

MaxLinear says that it does not plan to “satisfy the attacker’s
monetary demands,” although the Maze ransomware operators have already
started releasing what appears to be financial data stolen from the
company.

The organization is working with a third-party to evaluate the
information posted by the hackers. It has already restored some of the
affected systems and equipment, but the restoration effort is ongoing.

“Although we have incurred and will incur incremental costs as a
result of forensic investigation and remediation, we do not currently
expect that the incident will materially or adversely affect our
operating expenses,” the company says.