Nvidia confirms company data was stolen in hack
Nvidia has confirmed that hackers stole data from the company during last week’s breach.
“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” the company said in a statement.
Nvidia did not specify what was stolen. But the group behind the breach, LAPSUS$, claims it looted 1 TB of data, including files about Nvidia hardware and software. The hackers are now demanding that the company pay up in cryptocurrency to keep the data secret. However, LAPSUS$ told us that Nvidia has yet to make the connection.
Posts from the hacker group
Nvidia says it became aware of the breach on Wednesday, February 23, prompting the GPU maker to notify police and contact cybersecurity experts to help it respond to the attack.
The breach occurred a day before the Russian invasion of Ukraine, prompting some observers to wonder if the breach was linked to Russian state-backed hackers. However, Nvidia said: “We have no evidence that ransomware has been deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict.” LAPSUS$ has also denied any association with a state-sponsored hacker group.
Nvidia is now working to analyze what information LAPSUS$ has leaked onto the internet. “We do not expect any disruption to our business or our ability to serve our customers as a result of the incident,” the company added.
LAPSUS$ has already begun leaking a 19GB archive that allegedly contains information about Nvidia’s software, including the source code for the company’s DLSS technology that boosts frame rates, according to(Opens in a new window) to TechPowerUp.
Recommended by our editors
At the same time, the hacker group claims to have a GPU driver capable of unlocking Nvidia’s Ethereum mining limiter on the company’s RTX 3000 graphics cards. The group now hopes to sell it to interested buyers.
LAPSUS$ also claims that Nvidia has encrypted one of the hacker group’s computers during the group’s attempt to exfiltrate the data from the company. Nvidia has yet to confirm this. However, a source familiar with the matter said Nvidia did not hack LAPSUS$ or plant malware on their computers in retaliation.
Do you like what you read?
Sign up SecurityWatch newsletter for our best privacy and security stories delivered straight to your inbox.