The group of attackers who accessed the network of high-end graphics processing unit maker NVIDIA last week has stolen a large amount of proprietary information, including employee credentials and reportedly source code for some upcoming products.
The company discovered the compromise on Feb. 23 and said Tuesday that it was aware that some of the stolen information was being leaked online. NVIDIA said that so far there has been no indication that the attackers deployed ransomware on the company’s network, but the online leaks could prove just as damaging.
“On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement,” the NVIDIA statement says.
“We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee passwords and some NVIDIA proprietary information from our systems and has begun leaking it online.”
NVIDIA is one of the major providers of GPUs that are used in gaming systems, high-end PCs, and handheld devices. After the breach, attackers claiming to be responsible for the incident posted some code that they claimed was source code for the company’s Deep Learning Super Sampling (DLSS) technology for image processing. The group is also threatening to release more information unless NVIDIA agrees to make its graphics drivers open source.
The company has not addressed the validity of the code leak but said that its security team is looking at it to see whether it’s authentic.
“Our team is working to analyze that information. All employees have been required to change their passwords. We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident,” the company said.