Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

TSMC & hack group differ on whose data got stolen

Ransomware gang LockBit claims it has breached Apple chip supplier TSMC — but TSMC says no, the group only got into a minor supplier's systems and nothing of the processor firm's was taken.

LockBit has recently been targeting Apple Silicon in its ransomware attacks. Now it claims to have successfully gone after TSMC, the manufacturer that makes Apple Silicon processors.

According to TechCrunch, TSMC confirmed the data breach after the LockBit group publicized that its hack. The ransom demanded to prevent the stolen data being published is $70 million — but TSMC says the Russian-linked gang did not succeed in getting any of its data.

It's likely that TSMC is correct, rather than just attempting to reassure customers like Apple, because its claim that only one supplier was affected is backed up by that company.

TSMC told TechCrunch that a "cybersecurity incident" at Kinmax Technology did lead to the leaking of "information pertinent to server initial setup and configuration."

"Upon review, this incident has not affected TSMC's business operations, nor did it compromise any TSMC's customer information," continued the spokesperson. "After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company's security protocols and standard operating procedures."

Kinmax Technology agreed that the leaked data was to do with setup information.

"In the morning of June 29, 2023, the Company discovered that our internal specific testing environment was attacked, and some information was leaked," said a Kinmax spokesperson in a statement "The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations."

Kinmax has also said it would "like to express our sincere apologies to the affected customers," backing up TSMC's claim that it was merely one of the firm's clients, and not itself hacked.