Posted on July 3, 2023 at 7:15 AM
Taiwan Semiconductor Manufacturing Company (TSMC) has confirmed a data breach. TSMC is the largest contract chipmaker globally, and it has now confirmed that it was targeted by a hacking campaign.
TSMC confirms a data breach
TSMC confirmed this breach after being listed among the victims of a hack by the LockBit ransomware group. LockBit is a ransomware hacker group that is linked to Russia. TSMC was listed on the dark web leak site for the ransomware group last week.
The hacker group has threatened to leak the information that was stolen from the company following the hacking campaign. Such a leak could be detrimental to the company given that it has a command of 60% of the global foundry market.
The hackers are threatening to release this data if they do not receive a ransom payment of $70 million. The amount demanded by the hacker group is the largest known ransom demand in history, according to William Thomas. The latter is a cybersecurity intelligence researcher working at Equinix.
The message posted by the LockBit ransomware gang on its data leak website said that if the chipmaker failed to pay the demanded amount, it would release points of entry into the network. It has also threatened to publish more information related to the company, including the passwords and the login data.
The ransomware gang has not provided any evidence proving that it has access to the data it claims to have stolen. A spokesperson from the chipmaker spoke to TechCrunch, confirming that, indeed, a breach had happened at the company. The spokesperson declined to reveal their identity but claimed that a breach targeted Kinmax Technology.
Breach related to a third-party IT hardware supplier
Kinmax Technology is the IT hardware supplier for the company. The breach on this supplier led to a leak of information contained in the initial setup and the configuration of the server. The hackers might have accessed this information, and they might now be threatening to release it if a ransom payment is not paid.
The spokesperson noted that the breach had not compromised the company’s business operations and customer data. The company further said that it ceased to use the supplier in question in compliance with the security measures that have been put in place. The action taken by the company was also a standard operating procedure.
“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information. After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures,” the spokesperson said.
TSMC has also shared a copy of the communication that it obtained from Kinmax Technology. Kinmax Technology is an IT services and consultancy organization. The organization specializes in a wide range of roles, such as networking, cloud computing, security, database management, and storage.
The notice released by Kinmax on the matter said that it first detected a breach in its systems on June 29, 2023. The company said that it detected its internal specific testing environment was targeted by hackers, and some information was leaked by the hackers.
The content leaked by the hacker comprised system installation preparation that the company shared with its customers as the default configurations. Kinmax Technology has also said that it regretted the situation that happened, and it has also sent an apology to the affected customers.
The notice indicates that TSMC was not the only customer that was affected by this security incident. The vice president of Kinmax Technology has also shared to provide the number of customers that were affected by the breach.
The website of Kinmax Technology shows that it has strategic partners across the technological industry. Some of its key partners include top companies like Nvidia, which is yet to issue a statement on the matter. The other listed partners on the website include Cisco, Citrix, HPE, Microsoft, and VMware.
None of the other organizations listed on the website have yet to issue a statement on the matter and whether they have been affected by the security breach. Nevertheless, the breach comes at a time when cybersecurity incidents have been many.
This breach comes weeks after the US Justice Department said that it had arrested and charged a Russian national over the role that he played in conducting several ransomware attacks as part of the LockBit hacker group. The ransomware group has conducted a variety of hacking attacks targeting large players.