Taiwan Semiconductor Manufacturing Company (TSMC), the world’s leading contract chipmaker and one of Apple’s main suppliers, has fallen victim to a data breach, as confirmed by the ransomware group LockBit.
TSMC hacked by LockBit ransomware
The breach occurred at one of TSMC’s IT hardware suppliers, Kinmax Technology. LockBit is now demanding a hefty ransom payment of $70 million in exchange for not leaking the stolen data. While TSMC reassures its customers that their information remains secure, the incident highlights the ongoing cybersecurity challenges faced by major players in the tech industry.
LockBit, a Russia-linked ransomware gang, listed TSMC as a victim on its dark web leak site and threatened to publish the stolen data unless the company pays the $70 million ransom. This demand stands as one of the largest known ransom demands in history, according to cybersecurity researcher William Thomas. However, the gang did not provide any concrete evidence of the stolen data.
A TSMC spokesperson confirmed the cybersecurity incident, attributing it to the breach at Kinmax Technology. The leaked information is said to be related to the server’s initial setup and configuration, rather than customer data. TSMC quickly terminated its data exchange with the affected supplier following the breach, adhering to the company’s security protocols and standard operating procedures. The chipmaker maintains that its business operations have not been compromised by the breach.
Kinmax Technology, the IT hardware supplier involved in the breach, released a statement expressing regret for the incident. The company revealed that its internal testing environment was attacked, resulting in the leakage of certain information. The leaked data primarily consisted of system installation preparations, provided by Kinmax to its customers as default configurations. The statement indicates that other customers of Kinmax Technology might have been affected, although the extent remains unknown.
While TSMC is a prominent customer of Kinmax Technology, it is not the only company affected by the breach. Kinmax’s partners include notable organizations such as Nvidia, HPE, Cisco, Microsoft, Citrix, and VMware. As of now, it is unclear whether these companies have been impacted by the breach, as they have not responded to inquiries from TechCrunch. This incident underscores the growing challenges faced by tech industry players in maintaining robust cybersecurity measures to safeguard their operations and customer data.
The recent data breach at TSMC follows a series of LockBit ransomware attacks globally. The U.S. Justice Department recently made an arrest and charged a Russian national for their alleged involvement in multiple LockBit attacks.
Read more:
- TSMC boosts 3nm chip production for upcoming Apple devices
- Apple procures 100% of TSMC’s N3 chips for iPhone 15 Pro and MacBook