Cyber Incident Victim: MaxLinear
Date: Apr 2020
Location: United States of America
Summary
MaxLinear experienced a ransomware attack by the Maze group, resulting in unauthorized system access and encryption of computing systems. The company took immediate measures including system isolation, forensic investigation, law enforcement engagement, and restoration efforts. Attackers exfiltrated over 1TB of data, later leaking a portion containing sensitive employee and financial information such as Social Security numbers, driver’s licenses, and compensation details. The incident prompted an enterprise-wide password reset, but operations including production and shipments remained unaffected. MaxLinear declined to pay the ransom, citing cybersecurity insurance coverage and anticipating no material financial impact despite incurring response costs.
Description
The Maze Ransomware group breached MaxLinear’s systems around April 15, 2020, maintaining unauthorized access until May 24, when the company detected the intrusion. MaxLinear, a NYSE-listed semiconductor firm specializing in connected home and industrial integrated circuits, immediately took all affected systems offline upon discovery. The company engaged third-party cybersecurity experts to investigate, notified law enforcement agencies, and initiated restoration efforts prioritizing data security. Forensic analysis confirmed the attackers exfiltrated over 1TB of data before deploying ransomware to encrypt systems. On June 15, Maze leaked 10.3GB of stolen accounting and financial records as proof of the theft, escalating pressure for ransom payment.

Compromised data included extensive personally identifiable information (PII) and financial records such as employee names, email/mailing addresses, driver’s license numbers, Social Security numbers, dates of birth, compensation details, and dependent information. MaxLinear notified impacted individuals on June 10 via breach disclosure letters and implemented an enterprise-wide password reset. According to a June 16 SEC filing, the attack did not disrupt production capabilities, order fulfillment, or shipments. The company refused to pay the ransom despite Maze’s data leaks, citing cybersecurity insurance coverage and anticipating no material operational impact. MaxLinear acknowledged incremental costs for forensic investigation and system remediation but projected these would not materially affect operating expenses. Law enforcement authorities were engaged throughout the response, though specific agencies were not named in disclosures.
