IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Nvidia confirms data breach as hackers make additional demands

Nvidia has confirmed a rumoured hack on its systems for the first time as the first part of the alleged 1TB of company secrets is made available to download

Nvidia has confirmed the LAPSU$ hacking group successfully breached its systems and that previously unconfirmed reports that the group stole company data are true.

The chipmaker debunked the rumours that ransomware was involved in the security incident and made it clear the hack was in no way related to the current conflict between Russia and Ukraine.

Nvidia previously stated that it was investigating an incident but did not confirm the hack had actually taken place.

“On February 23, 2022, Nvidia became aware of a cyber security incident which impacted IT resources,” said an Nvidia spokesperson to IT Pro. “Shortly after discovering the incident, we further hardened our network, engaged cyber security incident response experts, and notified law enforcement.

“We have no evidence of ransomware being deployed on the Nvidia environment or that this is related to the Russia-Ukraine conflict. However, we are aware that the threat actor took employee credentials and some Nvidia proprietary information from our systems and has begun leaking it online. Our team is working to analyse that information. 

“We do not anticipate any disruption to our business or our ability to serve our customers as a result of the incident. Security is a continuous process that we take very seriously at Nvidia – and we invest in the protection and quality of our code and products daily.”

LAPSU$ goes public

The LAPSU$ hacking group has been providing regular, candid updates on its operation via its Telegram channel and on Tuesday, it posted download links for the first part of the 1TB cache of documents it said it stole from Nvidia. 

The most recent update shared by the group, posted late Tuesday evening, was an additional requirement it wants Nvidia to honour. 

“We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers for Windows, macOS and Linux, from now on and forever,” the post read.

LAPSU$ said that if Nvidia does not meet its latest demand, it will release the full set of files it has on the most recent and future models of the company’s flagship graphics cards. 

The ultimatum presented to Nvidia is to make the drivers for its graphics cards open source forever or lose access to the trade secrets LAPSU$ said it has stolen from the company.

Screenshot of hackers' ultimatum posted to Telegram

IT Pro

The reason for the hack, LAPSU$ said, is to help the gaming and cryptocurrency mining community. One of the key technologies on which the group claims to have information is Nvidia’s lite hash rate (LHR) - a technology that aims to reduce a graphics card’s ability to effectively mine cryptocurrency while preserving gaming performance.

Related Resource

The best defence against ransomware

How ransomware is evolving and how to defend against it

Blue padlock Free download

LAPSU$ said it holds source code and other files relating to LHR but won’t release a bypass directly because they don’t want to release anything that “may brick any card”, but said “any developer with a good brain can compile what we gave you [in part 1 of the leak]”.

It also said it’s ready to sell a piece of software that could bypass LHR but they won’t sell it cheaply. Nvidia previously refused to comment on what type of data had been stolen or who was behind the hack.

LAPSU$ is using a double extortion method of operation, similar to the one that’s becoming increasingly popular with ransomware gangs. It involves compromising a victim and stealing data before encrypting their machine, threatening to leak that data if the ransom isn’t paid.

It aims to further encourage victims to pay the ransom when industry advice dictates to never pay. Europol recently said it observed an uptick in double extortion cases in the past year and Mandiant said one in seven cases results in critical data being leaked. 

Featured Resources

What 2023 will mean for the industry

What do most IT decision makers really think will be the important trends and challenges in the coming year?

Free Download

2022 Magic quadrant for Security Information and Event Management (SIEM)

SIEM is evolving into a security platform with multiple features and deployment models

Free Download

IDC MarketScape: Worldwide unified endpoint management services

2022 vendor assessment

Free Download

Magic quadrant for application performance monitoring and observability

Enabling continuous updating of diverse & dynamic application environments

View Now

Recommended

PCI consortium implies Nvidia at fault for its melting cables
Hardware

PCI consortium implies Nvidia at fault for its melting cables

2 Dec 2022
Nvidia rolls out AI platform across NHS hospitals
artificial intelligence (AI)

Nvidia rolls out AI platform across NHS hospitals

29 Nov 2022
Why developers are turning to ultra-powerful workstations for more creative freedom at less cost
Whitepaper

Why developers are turning to ultra-powerful workstations for more creative freedom at less cost

22 Nov 2022
Nvidia and Microsoft team up to build 'most powerful' AI supercomputer
high-performance computing (HPC)

Nvidia and Microsoft team up to build 'most powerful' AI supercomputer

17 Nov 2022

Most Popular

Dutch hacker steals data from virtually entire population of Austria
data breaches

Dutch hacker steals data from virtually entire population of Austria

26 Jan 2023
GTA V vulnerability exposes PC users to partial remote code execution attacks
vulnerability

GTA V vulnerability exposes PC users to partial remote code execution attacks

23 Jan 2023
European partners expect growth this year, here are three ways they will achieve it
Sponsored

European partners expect growth this year, here are three ways they will achieve it

17 Jan 2023