NVIDIA confirms hackers obtained company data in last week's cyberattack

A group called LAPSUS$ is claiming responsibility for the incident.

Mike Blake / reuters

NVIDIA confirmed Tuesday some of its data was stolen as part of a cyberattack that occurred last week. “We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online,” a company spokesman told Engadget.

NVIDIA didn’t specify exactly what was stolen from its computer systems. But according to PCMag, a group called LAPSUS$ is claiming responsibility for the attack. It says it obtained 1TB of data, including schematics and driver source code. The collective is demanding a ransom paid in cryptocurrency to prevent NVIDIA’s files from becoming public. It says the company has yet to contact it.

It’s unlikely NVIDIA will get in touch. Following last year’s Colonial Pipeline cyberattack, the Biden administration has strongly discouraged businesses from cooperating with hackers. "We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident," the company said.

After becoming aware of the attack on February 23rd, NVIDIA says it notified law enforcement and began working with cybersecurity experts to respond to the incident. “We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict,” the company said. LAPSUS$ also claims its actions weren’t politically motivated. “We are not in politics AT ALL,” the group states in a post seen by PCMag.