Nvidia says hackers stole company data and leaked it online

During last week’s cyberattack, hackers took critical data from Nvidia’s networks, including employee credentials and private company information, and are now “leaking it online,” according to a spokesman who talked to TechCrunch on Tuesday.

Nvidia refused to specify what information was stolen in the incident, which was discovered on Friday. However, in its Telegram channel, a ransomware group known as “Lapsus$” has claimed responsibility for the attack, claiming to have stolen 1 terabyte of data, including “very confidential/secret material” and proprietary source code. This includes source code for Nvidia’s hash rate limiter, which affects the Ethereum mining performance of the company’s RTX 30-series graphics cards, according to posts from the group.

The Lapsus$ group first appeared on the ransomware scene in December, when it launched an attack on Brazil’s Ministry of Health, stealing 50 terabytes of data, including people’ vaccination records. Since then, the gang has targeted Impresa, a Portuguese media company, as well as Claro and Embratel, two South American telecommunications companies.

They appear to be rudimentary so far, which could indicate that the perpetrators are inexperienced cybercriminals. Nvidia, which also declined to say who it suspects is behind the attack, claims to have discovered the malicious breach on February 23, prompting it to alert law police and recruit cybersecurity professionals to assist in the investigation.

Despite the fact that the breach occurred a day before Russia’s invasion of Ukraine, prompting speculation that the attack was linked to Russian state-sponsored hackers, Nvidia said it has “no evidence that this is related to the Russia-Ukraine conflict.”

The company claims it is currently analysing the data that was taken and then disclosed, but “does not anticipate any disruption to our business or our ability to serve our customers as a result of the incident.” According to reports from last week, the intrusion knocked the company’s email servers and developer tools offline for two days.