An update from the Ars Technica story:
Update: A source familiar with the case at Apple told Ars that the compromised firmware affected servers in Apple’s design lab, and not active Siri servers. The firmware, according to the source, was downloaded directly from Supermicro’s support site—and that firmware is still hosted there.
Apple issued the following official comment: Apple is deeply committed to protecting the privacy and security of our customers and the data we store. We are constantly monitoring for any attacks on our systems, working closely with vendors and regularly checking equipment for malware. We’re not aware of any data being transmitted to an unauthorized party nor was any infected firmware found on the servers purchased from this vendor.