TSMC, the world’s largest contract chipmaker, has experienced a security breach, according to reports. The breach, which occurred through a supplier, resulted in unauthorized access to certain information within TSMC’s network. However, TSMC has clarified that the breach did not directly impact its business operations or compromise any customer data. To ensure the security of its systems, the company took immediate action and terminated its data exchange with the supplier involved.
The National Hazard Agency has stated that it is prepared to disclose a list of “points of entry” into TSMC’s network, along with the corresponding passwords and login information. This move aims to shed light on the vulnerabilities that were exploited in the breach. The agency’s involvement highlights the significant implications of the security incident and the need for transparency in addressing cyber threats.
Lior Yaari, CEO and co-founder of Grip Security, emphasized the importance of machine identities in protecting sensitive data. He stated that securing both employee and machine identities is crucial, considering the widespread accessibility and utilization of data in today’s digital landscape. Companies that prioritize the protection of these identities are likely to be more resilient against cyber attacks compared to those that neglect this aspect of security.
Meanwhile, Kinmax, the supplier involved in the breach, has issued an apology to its customers. The company revealed that the intrusion was discovered in its internal testing environment on June 29. It clarified that the breached information primarily included system installation preparation data, which did not impact the actual application of the customer but only involved default configurations at the time of shipment. Kinmax assured its customers that no damage had been caused and their systems had not been hacked as a result of the breach.
At this stage, neither TSMC nor Kinmax have officially confirmed the claims made by LockBit, a ransomware group that allegedly possesses critical data belonging to TSMC. It is unknown whether either party intends to comply with the group’s demand for a $70 million ransom. Kinmax expressed its apologies to affected customers, acknowledging that the leaked information contained their names, which may have caused inconvenience.
This recent security breach serves as a reminder of the ongoing challenges companies face in securing their networks and protecting sensitive information. The incident highlights the need for robust cybersecurity measures, including the safeguarding of machine identities alongside employee identities. As technology continues to advance, organizations must remain vigilant to mitigate the risks posed by cyber threats.