Summary
Microchip Technology Inc. (MCHP) filed an 8-K on September 4, 2024, providing an update on a previously disclosed cybersecurity incident. The company reports significant progress in restoring operations, with operationally critical IT systems now back online and the ability to process customer orders and ship products restored for over a week. While the investigation is ongoing, Microchip currently believes the incident is not reasonably likely to materially impact its financial condition or results of operations. The incident involved unauthorized access to certain IT systems, with the company believing employee contact information and some encrypted/hashed passwords may have been obtained. Importantly, Microchip has not identified any customer or supplier data that has been compromised. The company is actively investigating claims of data posted online by an unauthorized party and is working with cybersecurity experts. Regulatory bodies and law enforcement have been notified.
Key Highlights
- 1Substantial restoration of operations: Critical IT systems are back online, and order processing and shipping capabilities have been resumed for over 1.5 weeks.
- 2No identified customer or supplier data compromise: The company explicitly states no customer or supplier data has been obtained by the unauthorized party.
- 3Employee data and password concerns: The incident may have resulted in the acquisition of employee contact information and some encrypted/hashed passwords.
- 4Ongoing investigation and expert involvement: Microchip is diligently investigating the incident's scope and nature with the assistance of external cybersecurity and forensic experts.
- 5No anticipated material financial impact (as of filing): The company currently does not believe the incident will materially affect its financial condition or results of operations.
- 6Notification of relevant parties: Employees, law enforcement, and regulators have been informed of the incident.
- 7Investigation into data posting claims: The company is assessing the validity of claims that unauthorized data has been posted online.