TSMC Blames Data Breach On Attack Against System Integrator

The chipmaker, a key supplier to Apple, says that its breach stemmed from an earlier attack against Kinmax Technology, which had supplied TSMC with hardware. Cybercriminal group LockBit has demanded $70 million from TSMC to not post stolen data on its dark web site.

Taiwan chip giant TSMC confirmed it suffered impacts from a data breach Friday, which the contract manufacturer blamed on a cyberattack against a system integrator that had supplied the company with hardware.

In an unsigned statement provided to CRN, TSMC said its business operations and customer data were not impacted in the attack, which the chipmaker said derived from an attack against Taiwan-based system integrator Kinmax Technology Inc.

[Related: The 10 Biggest Data Breaches of 2023 (So Far)]

TSMC acknowledged the breach after LockBit, a prolific Russian-speaking cybercriminal group, disclosed on its dark web site Thursday that it has acquired TSMC data.

LockBit threatened to publish the data unless it receives a $70 million payment. That amount is tied for the fourth-largest ransom demand to date, according to Equinix’s William Thomas.

The cybercrime group also threatened to post “points of entry into the [TSMC] network” along with passwords if it’s not paid the extortion demand by a deadline of Aug. 6.

TSMC — which stands for Taiwan Semiconductor Manufacturing Co. — is the world’s largest semiconductor foundry by far. The company’s biggest and highest-profile client is Apple, and the manufacturer has long produced key chips for Apple devices including the iPhone.

‘Leak Of Information’

TSMC said in its statement Friday that “one of our IT hardware suppliers experienced a cybersecurity incident which led to the leak of information pertinent to server initial setup and configuration.”

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any [of] TSMC’s customer information,” the company said in the statement.

TSMC provided a separate letter that it said was from Kinmax Technology, which indicates the attack was discovered on Thursday morning.

At that point, Kinmax “discovered that our internal specific testing environment was attacked, and some information was leaked,” according to the letter from Kinmax. “The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations.”

Kinmax has elsewhere identified itself as a Taiwan-based system integrator that focuses on IT segments including networking, cloud, storage and cybersecurity.

A Kinmax executive declined to disclose to TechCrunch how many customers were affected by the attack.

CRN has contacted Kinmax for comment.

Kinmax said on its website that it partners with a number of major tech vendors including Hewlett Packard Enterprise, Microsoft, Cisco, VMware, NetApp and Nvidia.

TSMC said in its statement that it has “terminated its data exchange with this concerned supplier,” and noted that the incident remains under investigation, with law enforcement now involved.

In the chip foundry market, TSMC boasted market share of 60.1 percent during the first quarter of the year, well above the 12.4-percent share of No. 2 foundry Samsung, according to chip research firm TrendForce.