Chipmaker TSMC said on Friday that one of its hardware suppliers experienced a “security incident” that allowed the attackers to obtain configurations and settings for some of the servers the company uses in its corporate network. The disclosure came a day after the LockBit ransomware crime syndicate listed TSMC on its extortion site and threatened to publish the data unless it received a payment of $70 million.
The hardware supplier, Kinmax Technology, confirmed that one of its test environments had been attacked by an external group, which was then able to retrieve configuration files and other parameter information. The company said it learned of the breach on Thursday and immediately shut down the compromised systems and notified the affected customer.
“Since the above information has nothing to do with the actual application of the customer, it is only the basic setting at the time of shipment,” Kinmax officials wrote. “At present, no damage has been caused to the customer, and the customer has not been hacked by it.”