In a significant cybersecurity incident, MathWorks, Inc., the developer of the widely used MATLAB and Simulink software, has confirmed that it was the victim of a cyberattack that compromised the personal information of its users. The company disclosed that it discovered the security breach on May 18, 2025, a month after the threat actor initially gained unauthorized access to its internal networks. While the exact number of affected individuals has not been disclosed, the company has begun the process of notifying those whose data may have been stolen. The breach highlights the ongoing vulnerability of even major technology firms to sophisticated cyber threats.
The investigation into the incident revealed that the cybercriminals had access to MathWorks’ systems for an extended period, from April 17 to May 18, 2025. During this time, the attackers were able to exfiltrate a range of personally identifiable information (PII). MathWorks has stated that the stolen data varies by individual, but could include highly sensitive details such as full names, addresses, dates of birth, Social Security Numbers, and non-U.S. national identification numbers. The theft of this information places affected users at a heightened risk of identity theft, financial fraud, and other malicious activities.
Upon discovering the intrusion, MathWorks reports that it immediately activated its incident response plan. The company engaged federal law enforcement and hired third-party cybersecurity experts to assist with the investigation and remediation efforts. According to a notice sent to affected users, the company has since worked to contain the breach, remove the unauthorized access, and bolster its security posture to prevent future attacks. A company statement emphasized that they have “eradicated the unauthorized access and taken steps to safeguard our systems and information.” As an additional protective measure, MathWorks has also hired a third-party service to monitor the dark web for any signs that the stolen data is being sold or distributed.
To date, MathWorks claims there is no evidence that the compromised data has been misused, sold, or posted online. The company’s notice to affected individuals stated, “While we are not aware of any actual or attempted misuse of personal information or any financial harm to involved individuals as a result of this incident, as a protective measure, we are providing notice of this incident and identity protection services.” MathWorks is also providing free identity protection services to all those who were affected by the breach. This is a common practice among companies that have experienced similar data thefts, aimed at mitigating potential harm to their users.
As a result of the breach, MathWorks is urging its users to be vigilant. The company is advising all customers, and especially those who received a notification, to carefully review their financial account statements and monitor their credit reports for any suspicious transactions or inaccuracies. An informational guide on general identity theft protection has also been provided to assist users in safeguarding their personal information. This incident serves as another stark reminder of the persistent threat posed by cybercriminals and the critical importance of robust cybersecurity measures for all organizations that handle sensitive user data.
Reference:
