The actor behind last week's incident is leaking employee credentials and proprietary information onto the internet. The company said in a statement that it did not anticipate any disruption to its business or its ability to serve its customers after it became aware of the breach on February 23rd.
The group Lapsus$ claimed responsibility for the attack and demanded that the company make its drivers open-sourced. The company says it has made improvements to its security and is working with experts to respond to the attack.
“We request that NVIDIA commits to COMPLETELY OPEN-SOURCE (and distribute under a foss license) their GPU drivers”
According to PCMag, Lapsus$ claims to have a Terabyte of data. The hardware folder contains information on all recent Nvidia graphics cards, including the mysterious RTX 3090 Ti, according to a message seen by The Verge. The group threatened to leak the files if the limitations on the graphics cards were not removed. Lapsus$ said that the company had until Friday to make a decision, adding that it had updated its demands today.
There was speculation that the attack could be linked to the conflict between Russia and Ukraine, and that there was an incident that was looking into. There is no evidence that either of those things are true.
Toby Lewis, Head of Threat Analysis at dark web intelligence firm Darktrace, told The Verge that the alleged hacking group's previous targets and near-native use of Spanish and Portuguese in previous ransom notes suggest that it operates out of South America.