Chipmaker NXP confirms data breach involving customers' information

Dutch chipmaker NXP Semiconductors has alerted customers to a data breach involving their personal information.

The data breach was first flagged by Troy Hunt, the owner of Have I Been Pwned, who tweeted a copy of the email NXP sent to customers affected by the breach. Those affected appear to be individuals with an online NXP account, which provides access to technical content and community support.

“With account security features like two-step authentication, NXP secures your account, protects your privacy and maintains your account information,” a notice on the NXP account benefits page reads.

In a statement to TechCrunch, NXP spokesperson Andrea Lempart declined to say how many customers had been impacted by the breach but confirmed that an “unauthorized party” had acquired "basic personal information" from a system connected to NXP’s online portal. This data includes customers’ full names, email addresses, postal addresses, business phone numbers, mobile phone numbers, company names, job titles and descriptions, and communication preferences.

NXP declined to elaborate on the nature of the breach, and wouldn’t say why NXP has only just begun informing those affected. The intrusion took place on July 11, and was discovered by NXP three days later on July 14.

“We are contacting all affected users out of an abundance of caution to ensure they are aware and extend our apologies for any inconvenience this may cause,” the NXP spokesperson said, adding that the company has notified relevant authorities about the breach.

In the email sent to those affected, NXP urges users to be cautious of unsolicited communications requesting personal information or containing links.

NXP was last in the news after a security researcher uncovered a security flaw in Delhi Metro’s smart card system, which relies on chips manufactured by NXP. The flaw exploits the top-up card’s top-up process and allows anyone to effectively travel on the travel systems for free.

Do you have more information about the NXP data breach? You can contact Carly Page securely on Signal at +441536 853968, or by email. You can also contact TechCrunch via SecureDrop.