Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker, has confirmed it’s skilled a data breach after being listed as a sufferer by the LockBit ransomware gang.
The Russia-linked LockBit ransomware gang listed TSMC on its darkish net leak web site on Thursday. The gang is threatening to publish data stolen from the corporate, which instructions 60% of the worldwide foundry market, until the corporate pays a $70 million ransom demand. This is likely one of the largest recognized ransom calls for in historical past, according to William Thomas, a cyber risk intelligence researcher at Equinix.
“In the case of payment refusal, also will be published points of entry into the network and passwords and logins company,” LockBit wrote. The gang didn’t present any proof of the data it had allegedly stolen.
Source: TechCrunch (screenshot)
In an announcement given to TechCrunch, a TSMC spokesperson — who emailed from a generic press e mail account and repeatedly declined to offer their title — confirmed {that a} “cybersecurity incident” at one of many firm’s IT {hardware} suppliers, named as Kinmax Technology, led to the leak of “information pertinent to server initial setup and configuration.”
“Upon review, this incident has not affected TSMC’s business operations, nor did it compromise any TSMC’s customer information,” the spokesperson added. “After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures.”
TSMC shared a duplicate of the communication it acquired from Kinmax Technology, an IT companies and consulting group that makes a speciality of networking, cloud computing, storage, safety and database administration.
“In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked,” Kinmax mentioned in its discover. “The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations.”
Kinmax added that it “would like to express our sincere apologies to the affected customers,” suggesting TSMC wasn’t its solely associate affected by the incident.
Eric Huang, vice chairman of Kinmax Technology, declined to say what number of of its clients had been impacted.
On its website, Kinmax claims that its companions embrace firms akin to HPE, Cisco, Microsoft, Citrix and VMware. None of those listed organizations have but responded to TechCrunch’s questions, and it’s not recognized if they’ve been impacted by the incident.
This newest breach comes simply weeks after the U.S. Justice Department introduced it had arrested and charged a Russian national for his alleged function in a number of LockBit ransomware assaults in opposition to victims within the U.S. and all over the world. On the identical day this arrest was introduced, LockBit claimed a ransomware attack on Indian pharmaceutical giant Granules India.
![[Investigation] EU’s Just Transition Fund excludes local bodies and puts workers at risk](https://media.euobserver.com/a381ea593a49120e61d73adbde9fa2ad-800x.jpg)
