Jun 30, 2023 - Technology

Chipmaker TSMC confirms data leak after a cyberattack targeted its supplier


A man walks past a logo of Taiwan Semiconductor Manufacturing Company during a shareholders' meeting on June 6. Photo: Sam Yeh/AFP via Getty Images.

Chip giant Taiwan Semiconductor Manufacturing Co. told Axios in a statement Friday that one of its IT hardware suppliers is responding to a cybersecurity incident that resulted in some leaked company data.

Driving the news: Late Thursday, the LockBit ransomware gang claimed it had hacked TSMC and demanded a $70 million ransom to keep it from publishing data stolen in the attack.

  • But TSMC said in its statement that the hackers actually hit one of its IT hardware suppliers instead.
  • The attack "led to the leak of information pertinent to server initial setup and configuration," but it has not affected TSMC's business operations or customer information, the company said.

Why it matters: The hack of a TSMC supplier comes amid a wave of high-profile security incidents involving companies' third-party vendors, known as supply chain attacks.

What they're saying: "TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards," the company said in its statement. "This cybersecurity incident is currently under investigation that involves a law enforcement agency."

Details: Kinmax, an IT hardware supplier for TSMC, said in a press release on Friday that it discovered the attack Thursday morning.

  • The attackers targeted an internal engineering testing environment, which has since been shut down, and stole information about how to configure and install its systems, Kinmax said.
  • TSMC said the company immediately terminated "its data exchange with this supplier."

Threat level: At the time, Kinmax said "no damage has been caused to the customer."

  • The hackers only got insights into who some of Kinmax's customers are and information about the default configurations for its networks, which are likely changed after installation.

Yes, but: It's unclear if any other Kinmax customers have been affected, and it often takes at least a couple of days to determine the true extent of a supply chain attack.
