Nvidia has confirmed that hackers stole sensitive data from its networks, including employee credentials and proprietary company information, during last week’s cyberattack and are now “leaking it online,” a spokesperson told TechCrunch on Tuesday.
Nvidia declined to say what data was stolen during the attack, which first came to light on Friday. However, a ransomware outfit called “Lapsus$” has taken responsibility for the breach on its Telegram channel and claims to have stolen 1 terabyte of information, including “highly confidential/secret data” and proprietary source code. According to posts from the group, this includes source code for Nvidia’s hash rate limiter, which reduces the Ethereum mining performance of the company’s RTX 30-series graphics cards.
Though relatively unknown, the Lapsus$ hang first emerged on the ransomware scene in December with an attack on Brazil’s Ministry of Health that stole 50 terabytes of data, including citizens’ vaccination information. Since then, the gang has targeted Portuguese media group Impresa and South American telecommunication providers Claro and Embratel.
“Some researchers believe the gang is based in South America, but I’m not sure how solid the evidence is pointing to that,” Brett Callow, threat analyst at Emsisoft, tells TechCrunch. “So far they appear to be somewhat amateurish, which could indicate that the individuals involved are not experienced cybercriminals.”
Nvidia, which also declined to say who it believes is responsible for the attack, says it became aware of the malicious intrusion on February 23, which prompted the U.S. chipmaker to notify law enforcement and hire cybersecurity experts to help it respond to the attack.
Although the breach occurred a day before the Russian invasion of Ukraine, which prompted some to speculate that the attack may have been connected to Russian state-sponsored hackers, Nvidia added that it has “no evidence that this is related to the Russia-Ukraine conflict.”
The company says it is now working to analyze the information that has been stolen and subsequently leaked, but says it “does not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.” Reports last week had claimed that the cyberattack caused the company’s email systems and developer tools to go offline for two days.
“Security is a continuous process that we take very seriously at Nvidia — and we invest in the protection and quality of our code and products daily,” the Nvidia spokesperson added.