TSMC Data Breach; Hackers Demand $70m Ransom

Sunday, 2 July 2023

Apple supplier TSMC, which manufactures all chips used in iPhones, iPads, and Macs, has confirmed a data breach at one of its suppliers. LockBit are claiming responsibility and demanding a $70m ransom. While LockBit claim to have breached TSMC itself, TSMC says that it was actually one of its own suppliers, Kinmax Technology, that was hit by the attack.

A sub-group of the LockBit ransomware gang by the name of National Hazard Agency published screenshots on Thursday, claiming they were directory listings of stolen files. The group is threatening to release the information on August 6 should TSMC not pay the ransom.

The wider LockBit ransomware gang have been responsible for several high-profile data breaches in the past, including attacks on the UK's Royal Mail in addition to several U.S. government websites. The group has ties to Russia and their public communications espouse a broadly anti-Western political view.

In a post on the dark web, the hacking group said "In the case of payment refusal, also will be published points of entry into the network and passwords and logins company."

A statement from a TSMC spokesperson confirmed that a "cybersecurity incident" had occurred at one of the company's IT hardware suppliers, Kinmax Technology, "which led to the leak of information pertinent to server initial setup and configuration."

"Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information," the spokesperson added. "After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company's security protocols and standard operating procedures."

While TSMC did not explicitly name Kinmax Technology as the supplier affected, the spokesperson directed further questions regarding the breach to Eric Huang, who is Vice President of Kinmax Technology. The spokesperson also shared a letter that TSMC received from Kinmax Technology about the break-in.

"The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations," the Kinmax Technology letter said. "We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience," it continued.

"The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future."

LockBit continues to cause headaches for companies around the world, costing victims in the United States alone more than $90 million over the course of roughly 1,700 cyberattacks since 2020.

