Lock on computer chip showing chipmaker data breach

Dutch Chipmaker Nexperia Suffers a Data Breach That Exposed Sensitive Information

Global chipmaker Nexperia confirmed a significant data breach after hackers accessed some of its systems and potentially stole sensitive information, including the company’s intellectual property.

Nexperia is a subsidiary of Wingtech Technology, a Chinese tech firm that acquired it in 2018. Based in Nijmegen, the Netherlands, it operates in the United States, Europe, and Asia and employs about 15,000 workers worldwide.

Its production capacity is about 100 billion units of semiconductor components, including basic chips, transistors, diodes, and logic controllers, earning the company about $2.4 billion in revenue annually.

“Nexperia has become aware that an unauthorized third party accessed certain Nexperia IT servers in March 2024,” the company said in a press statement posted on its website.

The statement added that the company retained FoxIT’s cyber forensics services to “investigate the full extent and impact” of the cyber incident. The company has also reported the cyber attack to the Dutch authorities and is following the investigation closely.

Dutch chipmaker disconnects servers after a cyber attack

Nexperia said it pulled some systems offline and took additional protective security measures after learning of the data breach.

“We promptly took action and disconnected the affected systems from the internet to contain the incident and implemented extensive mitigation,” said the company.

Nexperia also “launched an investigation with the support of third-party experts to determine the nature and scope of the incident and took strong measures to terminate the unauthorized access.”

The chipmaker also notified Dutch law enforcement and data protection authorities, including the ‘Autoriteit Persoonsgegevens.’

However, Nexperia refused to divulge more details, including the nature of information stored on the breached servers and the attack vector, citing an ongoing investigation.

“In the interest of the ongoing investigation, we cannot disclose further details at this point,” the company said.

The extent of the disruption occasioned by the cyber attack is also shrouded in mystery. Similarly, the Dutch-based Chinese-owned chipmaker withheld information on whether the attackers had made any ransom demands.

“While daily data breaches appear in the media, it’s commendable that they show organizations have effective incident response programs and third-party support for analysis and forensics,” said James McQuiggan, Security Awareness Advocate at KnowBe4. “What is always lacking from these discoveries is the root cause of the attack. Organizations need to cultivate and encourage a strong security culture among upper management, users, and anyone with an email address.”

Dunghill hacking group takes responsibility for the Nexperia data breach

On April 10, the Dunghill hacking group claimed responsibility for the Nexperia data breach, alleging it stole 1 TB of information from the chipmaker’s servers.

The presumably stolen information includes quality control data, production information, corporate details, trade secrets, designs of various electronic components, and over 100 GB of client, customer, and employee personal information affecting over 900 companies, including SpaceX, Apple, IBM, and Huawei.

According to the Dutch broadcaster RTL, the group published a small sample of the stolen data, which included internal emails and the former senior vice president’s passport. The hacking group also threatened to publish the entire trove if a ransom was not paid.

So far, the chipmaker has not ascertained the authenticity of the stolen information but is closely following the ongoing investigation.

Dunghill has a history of targeting the electronics and automation industries. In September 2023, the group was attributed to the Johnson Controls data breach that allegedly leaked 27 GB of information.

That ransomware attack encrypted VMWare and ESXi virtual servers and resulted in expenses exceeding $27 million, with the cyber gang demanding $51 million in ransom.

“While the Dunghill ransomware group has gone after various energy, manufacturing, and automation controls companies in the past 18 months, their focus on Nexperia strikes us as a level-up,” said Sean McNee, VP of Research and Data at DomainTools. “Nexperia is a global semiconductor company that handles large amounts of sensitive information and works with power-house companies like Apple, SpaceX, and IBM.”

While chipmakers are frequently the targets of industrial espionage, the Nexperia data breach seems purely financially motivated. However, cybercriminals would not hesitate to sell the chipmaker’s trade secrets to its competitors to further capitalize on their access.

“We’ve seen in previous ransomware attacks from this group that they tend to ask for millions in ransom, though it is not known yet how much Dunghill has demanded from Nexperia. If the company does pay the ransom, it will likely be very large sum,” concluded McNee.