"Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement," a NVIDIA spokesperson told FOX Business. "We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online."
The spokesperson added that the chipmaker's team is analyzing the leaked information and that it does not anticipate any disruption to its business or ability to serve its customers as a result of the incident.
"Security is a continuous process that we take very seriously at NVIDIA – and we invest in the protection and quality of our code and products daily," the company added.
According to Darkweb threat intelligence platform DarkTracer, ransomware gang "Lapsus$" has purportedly taken responsibility for the NVIDIA incident. Posts appear to show that Lapsus$ has about 1 terabyte of company data, including source code for Nvidia's hash rate limiter, which reduces the Ethereum mining performance of its RTX 30-series graphics cards.
Lapsus$ has previously claimed responsibility for stealing 50 TB of data from Brazil's Ministry of Health. It also carried out a ransomware attack against Portuguese media group Impresa and its weekly newspaper Expresso, according to cloud software provider Acronis.
Shares of Nvidia fell nearly 5% during Tuesday's trading session.