Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier

The group has given one of Apples biggest semiconductor suppliers until Aug. 6 to pay $70 million or risk having its data and points of entry to its network publicly leaked.

Taiwan Semiconductor Manufacturing Company (TSMC) — one of Apples biggest semiconductor suppliers — on Friday blamed a third-party IT hardware supplier for a data breach that has exposed the company to a $70 million ransom demand from the LockBit ransomware group.
In an emailed statement to Dark Reading, TSMC confirmed multiple reports about the security incident but did not say what data specifically LockBit actors might have accessed from its systems and is holding for ransom. The statement, however, described the incident as not affecting any of TSMCs business or customer information.
TSMC has recently been aware that one of our IT hardware suppliers experienced a cybersecurity incident, which led to the leak of information pertinent to server initial setup and configuration, the statement noted. It identified the third-party supplier as Kinmax Technology, a Hsinchu, Taiwan- based systems integrator that claims to work with numerous other major technology players, including Aruba, Checkpoint, Cisco, Citrix, Fortinet, Hewlett-Packard Enterprise, Microsoft, and VMware. Its unclear if any other customers are affected by the attack.
Meanwhile, a subgroup within the LockBit operation that calls itself the National Hazard Agency claimed that it has given TSMC up to Aug. 6 to pay the multimillion-dollar ransom or risk having the companys stolen data publicly leaked. The
threat actor claimed
that it would also publish what it described as points of entry into TSMCs network as well as passwords and login information for gaining access to it. The latter is catnip to cyberattackers given that TSMC is a juicy target: It reported a net income of some $34 billion on consolidated revenue of $75.8 billion in 2022.
TSMC said it had conducted a review of its hardware components and security configurations used in its systems, after Kinmax reported the incident, to determine the scope of the breach. After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures, the statement noted. The chipmaker said it remained committed to enhancing security awareness among its suppliers and in ensuring they complied with the companys security requirements.
Kinmax said it discovered the intrusion into its systems on June 29. The company described the attacker as having breached the companys engineering test environment and accessing system installation preparation information.
This is the system installation environment prepared for customers,
Kinmax said in a statement
on the incident. The captured content is parameter information such as installation configuration files.
The statement appeared to downplay the seriousness of the breach. The [breached] information has nothing to do with the actual application of the customer. It is only the basic setting at the time of shipment, the company said. The statement did not identify TSMC by name. But it somewhat bewilderingly claimed that the chipmaker (or others) had not experienced any negative consequences. At present, no damage has been caused to the customer and the customer has not been hacked by it, the June 30 statement noted.
In the statement shared with Dark Reading, the systems integrator expressed regret over the incident. We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience. The company has thoroughly investigated this incident and implemented enhanced security measures to prevent such incidents from occurring in the future, the Kinmax statement said.
TSMC is the latest among a rapidly growing number of organizations that has experienced a data breach via a third-party compromise. News of the companys predicament comes even as reports continue to pour in about
numerous organizations falling victim to the Cl0p ransomware gang
because of a vulnerability in Progress Softwares widely used MOVEit Transfer app. Victims of that campaign so far include biopharma giant
AbbVie, Siemens, Schneider Electric, the University of California at Los Angles (UCLA)
.
Such breaches have brought IT supply chain security into sharp focus in recent years and made it a top priority in the Biden administrations May 2021
cybersecurity executive order
.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Chip Giant TSMC Blames $70M LockBit Breach on IT Hardware Supplier