MaxLinear, a US provider of integrated radio-frequency analog and mixed-signal semiconductor solutions for broadband communications, announced it has been hit by a Maze ransomware attack.
While the attack affected certain operational systems within the company’s infrastructure, it “has not materially affected our production and shipment capabilities, and order fulfillment has continued without material interruption,” the company said in an 8-K form filed with the U.S. Securities and Exchange Commission.
MaxLinear also said it has “no plans to satisfy the attacker’s monetary demands,” as it carries cybersecurity insurance, and some of the affected systems and equipment have already been restored.
According to a letter to the State of California’s Attorney General, the incident was detected on May 24. “We immediately took all systems offline, retained third-party cybersecurity experts to aid in our investigation, contacted law enforcement, and worked to safely restore systems in a manner that protected the security of information on our systems,” the company said.
The investigation revealed evidence that the attackers gained access to their systems as early as April 15, viewing internal documents and employee data. The compromised data includes names, personal and company email addresses, personal mailing addresses, employee ID numbers, driver’s license numbers, financial account numbers, Social Security numbers, date of birth, work location, compensation and benefit information, dependents and date of employment.
In response to the attack, MaxLinear said it has implemented a company-wide password reset and are taking steps to enhance its infrastructure’s security to avoid similar security incidents in the future.
Employees with compromised personal information are provided free credit monitoring services for 12 months, and are encouraged to review their credit reports regularly, monitoring for any suspicious activity or misuse of their information.