Apple Supplier TSMC Suffers Data Breach, Hackers Demand $70M

[MacRumors]

Apple supplier Taiwan Semiconductor Manufacturing Company today confirmed to TechCrunch that it recently suffered a data breach. TSMC is responsible for creating all of the A-series and M-series chips used in Apple devices.

A TSMC spokesperson said that a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak, but TSMC customer information was not impacted.

"Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information. After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company's security protocols and standard operating procedures."

Data from TSMC was listed on the LockBit ransomware gang's website on Thursday, with LockBit demanding $70 million to prevent it from publishing the stolen data. LockBit has attacked pharmaceutical companies, the UK's Royal Mail, U.S. government websites, and more.

LockBit says that if TSMC does not pay up, it will also publish passwords and logins. The data was stolen from Kinmax Technology, a company that provides IT services like networking, cloud computing, storage, and database management. Kinmax was working with TSMC, and on Thursday, told TSMC that its "internal specific testing environment was attacked," leading to the leak of "system installation preparation."

Other Kinmax partners include Microsoft, Cisco, and VMware, and it is not known if those companies were also impacted.

Article Link: Apple Supplier TSMC Suffers Data Breach, Hackers Demand $70M

 

[k1121j]

Sounds like they need another IT company.

 

[madmin]

Kin'ell this is major if Microsoft, Cisco and VMWare are also involved

 

[rpmurray]

... a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak ...

Why would this be worth $70M?

 

[TheYayAreaLiving 🎗️]

This better not delay the M2 iMac. If it does I'm so not going to be happy!

 

[Realityck]

A TSMC spokesperson said that a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak, but TSMC customer information was not impacted.

Doesn't sound like anything of value was compromised and that operations were impacted. But it's surely annoying to have it occur in the first place. Yes people at Kinmax Technology are not looking good.

 

[robertmorris2]

You would think that any company would have top security it would be this. They need to hire these hackers

 

[RedTheReader]

Great time to get into cybersecurity, boys. People need the protection.

 

[RalfTheDog]

I suspect TSMC has already changed their passwords. I don't think they would be too upset if the old ones were published.

 

[RalfTheDog]

You would think that any company would have top security it would be this. They need to hire these hackers

Never hire security that you don't trust.

 

[erikkfi]

Don't pay. Never pay. Payment is a reward for bad behavior.

 

[Biro]

Why do we, as a global society, continue to tolerate the existence of these professional hackers? It’s time to get medieval on their asses. And don’t tell me they’re too hard to find. We are simply unwilling to dedicate the resources to do so.

 

[Junipr]

Should’ve required their business partners to use biometrics like touchID/faceID and multi-factor identification instead of simple passwords but hey what do I know, they’re only a global leader in chip manufacturing

 

[Junipr]

Sounds like hey need another IT company.

From Kinmax to Kinmin real quick

 

[JMStearnsX2]

Great time to get into cybersecurity, boys. People need the protection.

I'm actually currently working on my Security+ creds.

 

[IIGS User]

It’s almost like digital shoplifting. No one ever seems to get caught, and if they do, nothing happens.

We all end up paying one way or another.

 

[sw1tcher]

Why do we, as a global society, continue to tolerate the existence of these professional hackers? It’s time to get medieval on their asses. And don’t tell me they’re too hard to find. We are simply unwilling to dedicate the resources to do so.

We already know a lot of these hackers are in countries like Russia, China, and N. Korea. What are we going to do, ask them to please kindly extradite them to the U.S. to stand trial? 🤣

U.S. charges North Korean hacker in Sony, WannaCry cyberattacks

The U.S. government on Thursday charged and sanctioned a North Korean man in the 2017 global WannaCry ransomware cyberattack and the 2014 cyberassault on Sony Corp <6758.T> <SNE.N>, U.S. officials said.

www.reuters.com

Three North Korean Military Hackers Indicted in Wide-Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe

A federal indictment unsealed today charges three North Korean computer programmers with participating in a wide-ranging criminal conspiracy to conduct a series of destructive cyberattacks, to steal and extort more than $1.3 billion of money and cryptocurrency from financial institutions and...

www.justice.gov

North Korea has hacked $1.2 billion in crypto and other assets for its economy

North Korean hackers have stolen an estimated $1.2 billion in cryptocurrency and other virtual assets in the past five years, more than half of it this year alone, South Korea's spy agency says.

www.npr.org

 

[Eriamjh1138@DAN]

Apple can just send them $70M in iTunes gift cards.

 

[Apples Apples Everywhere]

Completely preventing these attacks is incredibly difficult. Even the best technology companies on Earth can't entirely prevent it. It's a sad world.

 

[canadianreader]

it will also publish passwords and logins. The data was stolen from Kinmax Technology, a company that provides IT services like networking, cloud computing, storage, and database management.

How such a reputable company chooses to put logins, passwords and sensitive data in the cloud is beyond me.

 

[1147402]

... a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak ...

Why would this be worth $70M?

It's not worth 70M. They demands 70M, that's a big difference. They could say 1B or 100B all they like, but TSMC won't pay them anything.

 

[antiprotest]

... a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak ...

Why would this be worth $70M?

Inflation.

 

[flashflood]

It's impossible to fix all vulnerabilities -- we've got to start killing the people who exploit them.

 

[LawJolla]

... a "cybersecurity incident" caused data "pertinent to server initial setup and configuration" to leak ...

Why would this be worth $70M?

Think of the rock and hard place they're in.

Likely it's other company's IP in jeopardy. Those customers are worth a lot more than 70M.

 

[boswald]

I hope they didn't steal any schematics or trade secrets. Just imagine the fallout if a competitor figured out how to make M2-like machines.