Earlier this week AMD announced that it was investigating claims of a serious internal network breach. Now the chipmaker has provided an updated statement to Bloomberg, characterizing the damage as limited. AMD said the infiltration shouldn’t have any significant impact on its operations because the hackers obtained only a limited amount of information.
The first reports of the breach came on June 18 from the attackers themselves. Notorious cybercriminal Intelbroker claimed to have obtained data that included plans for future products, customer information, and employee details. AMD later acknowledged the claims and said it was working “closely with law enforcement officials and a third-party hosting partner to investigate the claim and the significance of the data."
However, AMD followed up with a statement provided to Bloomberg on June 19. It now says the data breach was limited in scope, and would be unlikely to have any significant impact on its business or operations. While not directly refuting claims that the data included customer and employee information, AMD did acknowledge at least some of the stolen information.
A company spokesperson told Bloomberg, “Based on our investigation, we believe a limited amount of information related to specifications used to assemble certain AMD products was accessed on a third-party vendor site.” The statement did not disclose which products, or if they had anything to do with AMD's efforts to rival Nvidia in AI technology.
From that statement, one can hope that means there were no leaked customer or employee details. Samples of the stolen data shared on BreachForums showed screenshots and snippets from AMD’s internal systems, but this could have been limited to the assembly specifications mentioned.
Intelbroker has pulled off various high-profile cyber attacks in the past. It previously infiltrated internal networks at Los Angeles International Airport, exposing personal information and flight manifests. The cybercriminal also compromised several U.S. federal agencies through its Acuity breach.
The cybercriminal was attempting to sell the information gained from breaching AMD’s network. However, some of its other attacks were carried out for reasons other than financial gain, such as disrupting critical infrastructures to further its own geopolitical agenda.
