Nvidia joined the seemingly unending parade of major corporations to fall victim of a hacking attack. Recently, a group of hackers calling itself "Lapsus$" began sharing details about the incident and the damage that it caused. Nvidia confirmed the attack.
Nvidia released a formal statement which reads in part as follows:
"On February 23, 2022, NVIDIA became aware of a cybersecurity incident which impacted IT resources. Shortly after discovering the incident, we further hardened our network, engaged cybersecurity incident response experts, and notified law enforcement.
We have no evidence of ransomware being deployed on the NVIDIA environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online."
At this point there is no word about how many employee credentials were stolen. There is also no word on precisely what the proprietary information might have been. However, based on the official statement, it does not appear that any customer information was stolen. Given that a hack occurred you should be careful. If you have an account with Nvidia, out of an abundance of caution it wouldn't be a bad idea to change your password right away.
The corporate release goes on to say that the investigation into the matter is ongoing, so it is entirely possible that we will get additional details at some later date. Unfortunately, the year is still young and if history is a guide we'll hear about dozens of other companies as the year grinds on who fall victim to hacking attacks of one sort or another.
Despite all the warnings and the money spent on internet security, lax password use and bad email habits remain the leading cause of corporate network breaches. While we do not yet know how access to Nvidia was gained, odds are good that it was connected to one of those two.