Data Breach: TSMC, Apple's Key Supplier, Faces LockBit Ransomware Threat

Data Breach: TSMC, Apple's Key Supplier

Recently, Taiwan Semiconductor Manufacturing Company (TSMC), a key supplier of Apple components, suffered a data breach caused by a third party, Kinmax Technology, their IT hardware supplier. This incident resulted in a data leak related to the initial configuration and setup of the server. In this case, the LockBit ransomware group demanded a ransom of $70 million from TSMC with the threat of publishing the stolen data if the ransom was not paid before August 6, 2023.

LockBit also claimed that it would publish the "entry points" to TSMC's network as well as the passwords and login information used to access it. This is attractive to cyber attackers because TSMC is an attractive target. TSMC has conducted a review of their hardware components and security configuration after receiving a report from Kinmax regarding this incident. They have also stopped exchanging data with the supplier in accordance with their security protocols and operational procedures.

On June 29, 2023, Kinmax announced that they had discovered an intrusion into their system. They mentioned that the perpetrator had hacked into the company's engineering test environment and accessed system installation preparation information. Kinmax has thoroughly investigated this incident and implemented enhanced security measures to prevent similar incidents from occurring in the future.

This situation came to light when many organizations reported falling victim to the ransomware group. Some of those victims include Siemens, the University of California at Los Angeles (UCLA), AbbVie, and Schneider Electric. This kind of data breach has been a concern in IT supply chain security in recent years, and the Biden administration made it a top priority in its cyber security executive order in 2021.

The point of this article is that TSMC, Apple's largest chip supplier, faced threats and ransom demands from the LockBit ransomware group. Despite this, the issue did not affect TSMC's business or customer information.