Microchip Technology has reported a cyber incident that has impacted operations at multiple manufacturing facilities. According to an SEC filing, the US semiconductor firm identified suspicious activity in its information technology (IT) systems on 17 August 2024. Upon discovering the issue, Microchip Technology initiated measures to assess, contain, and address the unauthorised activity.
By 19 August 2024, the company confirmed that an unauthorised party had disrupted the functionality of certain servers and affected business operations. In response, Microchip Technology took immediate action by isolating the affected systems, shutting down specific operations, and engaging external cybersecurity experts to conduct a thorough investigation.
The incident has resulted in reduced operational capacity at several of the company’s manufacturing facilities, which has hindered its ability to fulfil customer orders. Microchip Technology has stated that efforts are ongoing to restore the compromised IT systems, resume normal operations and mitigate the consequences of the breach.
Microchip Technology breach impact uncertain
The extent and impact of the cyber incident remain under investigation. As of the date of the company’s SEC filing, it is unclear whether the event will have a significant effect on Microchip Technology’s financial condition or operational performance.
Microchip Technology operates several key manufacturing facilities, including locations in Gresham, Oregon, and Colorado Springs, Colorado. These facilities are crucial for producing a wide range of semiconductor products, such as microcontrollers, microprocessors, embedded controllers, and integrated circuits.
The Gresham facility, one of the company’s largest wafer fabrication plants, plays a vital role in supporting industries like automotive, aerospace, communications, and defense, underscoring Microchip Technology’s significant position in the global supply chain.
Chip firms targeted in multiple cyberattacks
Cyberattacks on semiconductor manufacturers have exposed critical vulnerabilities within the industry, especially as these companies are essential to various high-stakes sectors. For example, in June 2024, GlobalWafers, a major semiconductor firm based in Taiwan, experienced a cyberattack that disrupted its operations, leading to delays in the production of silicon wafers crucial for chip manufacturing.
Earlier in April 2024, Dutch chipmaker Nexperia faced a cyberattack where sensitive data was stolen and later leaked online, significantly impacting its operations and potentially affecting its competitive standing.
Another significant incident involved Taiwan Semiconductor Manufacturing Company (TSMC) in 2023, when a ransomware attack targeted one of its IT hardware suppliers. The attack, carried out by the LockBit group, raised concerns, although TSMC reported that the impact on production was limited.
Similarly, Nvidia, a major player in the graphics chip market, was targeted in 2022 by the ransomware group Lapsus$, which stole proprietary data and demanded a ransom. This incident drew widespread attention due to Nvidia’s prominent role in the technology sector.