More than 20 gigabytes of sensitive proprietary data and source code from chipmaker Intel Corp. was dumped online by a third party. The dump is likely a result of a data breach caused earlier this year. The leaked announcement of the “first 20gb release in a series of large Intel leaks” was revealed by a user and IT consultant Tillie 1312 Kottmann on Twitter. The reveal named the information “Intel ex-confidential Lake Platform Release.” “Most of the leak information here have NOT been published ANYWHERE else before and are classified as confidential, under NDA or Intel Restricted Secret,” as per the tweet. Intel later confirmed the hack leak of the data.
Intel Data Leak
The information leaked appears to be breached from the Intel Resource and Design Center. This department hosts information for registered users who are mostly Intel customers and partners. The information is provided to these registered users through the centre under NDA. Intel does not believe that its network was breached, but it stated that it is more likely that “an individual with access has downloaded and shared this data. There is, however, also a chance that the information leaked is not current and something that the company is currently trying to determine.
It’s a common practice of IT companies to share confidential information about upcoming technology and product releases with their trusted customers and partners before the information is available publicly. Even with trusted relationships and NDAs, tech organizations still run the risk that the intellectual property (IP) will make it somehow into the public forum before the company publicizes it. this is an “unavoidable part of doing business,” stated Erich Kron, a security awareness advocate. “While the leak appears to be an issue related to a third party, it does highlight the security concerns around the intellectual property when working with trusted business partners across the supply chain,” he stated.
Intel Suffers Data Breach
Though data breaches are considered as jeopardizing the privacy of customers and partners and potentially using data for financial gain by threat actors, a company’s IP can be just as valuable and resourceful. As such, the results of it falling into the wrong hands in the public is highly damaging. “This intellectual property thing can be precious to potential competitors, and even nation-states, who look forward to capitalizing on research and development done by the companies,” he stated.
Intel is investigating the incident, as the attacker claims to hold much more data yet to release from the leak. This may help Intel “to narrow down the source of the leak,” Chris Clements, vice president of Solutions Architecture stated.
The purported leak highlights the constant challenge that tech companies and organizations face when balancing their distribution of non-public sensitive information outside the company with ensuring that the information isn’t misused or leaked unauthorized. “For the most part in the entire situation, once the documents leave the network the companies have very little control of where they eventually end up,” Clements said.