TSMC confirms data breach after LockBit cyberattack on third-party supplier

Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed that it experienced a data breach after being listed as a victim by the LockBit ransomware gang.

The Russia-linked LockBit ransomware gang listed TSMC on its dark web leak site on Thursday. The gang is threatening to publish data stolen from the company, which commands 60% of the global foundry market, unless the company pays a $70 million ransom demand. This is one of the largest known ransom demands in history, according to William Thomas, a cyber threat intelligence researcher at Equinix.

“In the case of payment refusal, also will be published points of entry into the network and passwords and logins company,” LockBit wrote. The gang didn’t provide any evidence of the data it had allegedly stolen.


In a statement given to TechCrunch, a TSMC spokesperson — who emailed from a generic press email account and repeatedly declined to provide their name — confirmed that a “cybersecurity incident” at one of the company’s IT hardware suppliers, named as Kinmax Technology, led to the leak of “information pertinent to server initial setup and configuration.” That is, the breach was not of TSMC’s own network but of a supplier that held setup and configuration material on TSMC’s behalf.

“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any of TSMC’s customer information,” the spokesperson added. “After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures.”

TSMC shared a copy of the communication it received from Kinmax Technology, an IT services and consulting organization that specializes in networking, cloud computing, storage, security and database management.

“On the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked,” Kinmax said in its notice. “The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations.”

Kinmax added that it “would like to express our sincere apologies to the affected customers,” suggesting TSMC wasn’t its only partner affected by the incident.

Eric Huang, vice president of Kinmax Technology, declined to say how many of its customers had been impacted.

On its website, Kinmax claims that its partners include companies such as Nvidia — which declined to comment — as well as HPE, Cisco, Microsoft, Citrix and VMware. None of the remaining organizations has yet responded to TechCrunch’s questions, and it is not known whether they have been affected by the incident.

This latest breach comes just weeks after the U.S. Justice Department announced it had arrested and charged a Russian national for his alleged role in multiple LockBit ransomware attacks against victims in the U.S. and around the world. On the same day this arrest was announced, LockBit claimed a ransomware attack on Indian pharmaceutical giant Granules India.