Nvidia has confirmed that it was the victim of a cyberattack last week that stole company data.
“We are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online,” the company said in a statement.
The group behind the breach, LAPSUS$, claimed that it stole 1TB of data, including "the most important stuff, schematics, drive, firmware, etc..."
It said that it was waiting for Nvidia to contact them to pay for the return/destruction of the data. In the meantime, it threatened to systematically leak parts of the stolen data.
This week it published the first 19GB tranche, including source code and data on Nvidia GPU drivers.
It also threatened to sell the code to bypass Ethereum mining limitations that Nvidia has enforced on its RTX 3000 graphics cards. The limitations were put in place to stop miners from disrupting its core business, and also so it could sell them alternative products.
With the breach occurring just a day before Russia's invasion of Ukraine, many have wondered if the two events are related.
"We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict," Nvidia said.
LAPSUS$, which is believed to be a South American group, also said: "We are not state-sponsored and we are not in politics at all."