MaxLinear

U.S. system-on-chip (SOC) manufacturer MaxLinear announced that some of its computing systems were hacked last month by Maze Ransomware operators following an initial intrusion that occurred about April 15.

MaxLinear is a New York Stock Exchange traded company and provider of integrated RF, analog and mixed-signal circuits for connected applications in both home and industrial environments.

In April 2020, MaxLinear announced net revenue of $62 million for the first quarter of 2020 and shared plans to “acquire Intel’s Home Gateway Platform Division in the third quarter of this year” with its CEO, Kishore Seendripu.

Data breach reported after stolen data leaked online

In a notice of  data breach sent to affected persons on June 10, MaxLinear reports that the attack was discovered on May 24.

“We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems,” the letter reads.

“Our investigation to-date has identified evidence of unauthorized access to our systems from approximately April 15, 2020, until May 24, 2020.”

MaxLinear says it was able to restore some of the affected systems during the attack and its IT personnel are still working on bringing back the rest.

On June 15, Maze Ransomware leaked 10.3GB of accounting and financial details from an allegedly stolen over 1TB of data before encrypting MaxLinear’s devices.

Data leaked by Maze Ransomware

Data leaked by Maze Ransomware

Personal and financial info exposed

The SOC maker says that this leaked information could include personally identifiable (PII) and financial information such as “name, personal and company email address and personal mailing address, employee ID number, driver’s license number, financial account number, Social Security number, date of birth, work location, compensation and benefit information, dependent, and date of employment.”

The organization further reports that the incident resulted in a reset of an enterprise-wide password and that the violation was revealed to the law enforcement authorities concerned.

According to documents submitted to U.S. Securities and Exchange Commission (SEC) on June 16, as discovered by Reuters, the attack did not impact delivery, order fulfillment and development capacities, and MaxLinear does not intend to pay the ransom Maze Ransomware demanded to stop the stolen data leakage.

In the SEC filing, the chipmaker said that although the company would incur extra costs as a result of the forensic investigation and remediation of the systems following the attack, it does not anticipate “that the incident will materially or adversely affect our operating expenses.”

“We carry cybersecurity insurance, subject to applicable deductibles and policy limits,” MaxLinear said.