Chipmaking giant TSMC denied being hacked after the LockBit ransomware gang demanded $70 million not to release stolen data.
While this Twitter thread has since been deleted, the LockBit ransomware gang created a new entry for TSMC yesterday on their data leak site, demanding $70 million or they would leak stolen data, including credentials for their systems.
“In the case of payment refusal, also will be published points of entry into the network and passwords and logins company,” reads the LockBit data leak entry for TSMC. A TSMC spokesperson told BleepingComputer that they were not breached, but rather the systems of one of their IT hardware suppliers, Kinmax Technology, were hacked.
Apart from validating that its systems had not been impacted in any way, TSMC states that it also stopped working with the breached supplier until the situation cleared up.
“After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures. TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards,” continued TSMC. Finally, the semiconductor company told BleepingComputer that the investigation of the cybersecurity incident continues and also involves a law enforcement agency.
Kinmax is not the corporate giant that TSMC is, so LockBit’s demands for a $70 million ransom payment will likely be ignored.
