US semiconductor manufacturer Microchip Technology has disclosed that an “unauthorized party” disrupted its server operations, affecting some aspects of its business.
The breach was detected on August 17 and has led to a significant slowdown in the company’s manufacturing capabilities, Microchip said in a SEC filing.
According to the regulatory filing, the company noticed potentially suspicious activity within its IT systems, prompting an investigation.
“Upon detecting the issue, the Company began taking steps to assess, contain and remediate the potentially unauthorized activity,” the company said in the statement.
By August 19, evidence confirmed unauthorized access.
“The Company determined that an unauthorized party disrupted the Company’s use of certain servers and some business operations. The Company promptly took additional steps to address the incident, including isolating the affected systems, shutting down certain systems, and launching an investigation with the assistance of external cybersecurity advisors,” the filing added.
“As a result of the incident,” the company said, “certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill orders is currently impacted.”
“Microchip is in a tough spot,” said Neil Shah, VP for research and partner at Counterpoint Research. “This disruption while could hurt monetarily or operationally in the near-term but in the longer-term it also begs the question for Microchip customers to think about diversifying its suppliers.”
The company, however, assured stakeholders that efforts are underway to restore normal operations as quickly as possible.
The precise cause of the incident, the full extent of the disruption, and whether ransomware was involved remain unclear. However, the company’s swift action to isolate affected systems suggests that the breach could have posed a broader threat to its IT infrastructure.
“Microchip is likely to effectively address the vulnerabilities that allowed unauthorized access to its systems,” said Arjun Chauhan, senior analyst at Everest Group. “However, this incident is expected to negatively impact sentiment within critical industries such as automotive, defense, and aerospace, in which Microchip plays a key role as a silicon supplier.”
A query seeking more clarification from Microchip remains unanswered.
The repercussions
This disruption is particularly concerning given Microchip’s critical role in supplying the U.S. automotive, defense, and aerospace sectors. In January 2024, the Biden administration awarded the company a $162 million order to expand its manufacturing capabilities, highlighting its importance as a supplier to mission-critical industries.
Microchip’s products are essentially for high-speed applications, including automotive systems, aerospace components, and NASA’s next-generation High-Performance Spaceflight Computer (HPSC).
Shah pointed out that many a time the end customers are locked into an application based on the single vendor solution and for those customers it will be even tougher as there is no alternative.
“This is where some customers will have to rethink and derisk by diversifying their product design even though it hurt scalability in the short term,” Shah added.
Microchip also offers foundry services, and any disruption in this area could further strain the already tight silicon supply chain. The incident underscores the ongoing vulnerability of semiconductor manufacturers to cyberattacks, following similar breaches this year at companies like TSMC, Nexperia, and AMD.
“In the unlikely event that these security gaps are not promptly and thoroughly resolved, there could be significant delays in the manufacturing and deployment of essential technologies, forcing companies reliant on Microchip’s silicon to seek alternative suppliers,” Chauhan said.
“Given the strategic importance of silicon in shaping global industries, and the Biden administration’s emphasis on bolstering domestic manufacturing in this space, it is imperative that cybersecurity remains a top priority for businesses operating in these sectors.”
As the investigation continues, the industry will be watching closely to understand the full impact of this cyber incident on Microchip’s operations and the broader supply chain.
Rising cyberattacks on semiconductor firms
As the global reliance on semiconductors continues to surge, the industry faces a growing threat: cyberattacks. Semiconductor companies, which are the backbone of critical technologies in automotive, defense, telecommunications, and consumer electronics, have increasingly become prime targets for cybercriminals.
Semiconductor firms are appealing targets due to the high value of their intellectual property (IP), sensitive manufacturing processes, and their critical role in global supply chains. The complexity and precision involved in chip manufacturing mean that any disruption — whether through data theft, ransomware, or system sabotage — can have far-reaching consequences, impacting not just the firms themselves but also the industries that depend on their products.
“If the cyber threats on semiconductor companies persist, they could lead to a smaller second wave of semiconductor disruption depending upon which vendor is being affected and its exposure to different industries,” added Shah. “This calls for investing in more resilient processes and systems, including consistent audits, whitelisting of software, and systems to avoid such sophisticated attacks.”
In recent years, several high-profile cyberattacks have highlighted the vulnerability of the semiconductor sector. In 2022, Nvidia faced a significant ransomware attack that exposed sensitive employee data and proprietary information. This year, TSMC, the world’s largest contract chipmaker, also fell victim to a ransomware attack that temporarily disrupted its operations. Similarly, Nexperia and AMD have reported breaches, further underscoring the sector’s growing exposure to cyber threats.
“Recent cyberattacks on semiconductor manufacturers, including TSMC, Nexperia, AMD, and now Microchip, underscore the heightened vulnerability of the global semiconductor supply chain. These incidents reveal the fragility of a sector already strained by high demand and limited production capacity,” Chauhan stated.
“To mitigate these risks,” he said, “companies must invest in comprehensive cybersecurity frameworks that encompass continuous monitoring, threat intelligence sharing, and robust incident response planning. This proactive approach is essential to safeguarding the integrity and cyber resilience of the semiconductor supply chain.”