However, the security breach “has not directly affected TSMC’s business operations, nor did it compromise any TSMC’s customer information,” the company added. “After the incident, TSMC has immediately terminated its data exchange with this supplier in accordance with the company’s security protocols and standard operating procedures.”
National Hazard Agency, said it is prepared to publish a list of what it calls “points of entry” into TSMC’s network and passwords and login information for them.
“This breach is a great example of why machine identities are just as important as employee identities,” said Lior Yaari, CEO and co-founder of Grip Security. “Data is everywhere and accessed from anywhere by anybody. Companies who are able to secure employee and machine identities will be more secure than those that cannot.”
Kinmax issues apology, downplays breach
Kinmax has issued a letter to its customers regarding an intrusion the supplier discovered within its internal testing environment on June 29, allowing unauthorized access to system installation preparation information. It said the breached information has nothing to do with the actual application of the customer, just the basic setting at the time of shipment.
“The leaked content mainly consisted of system installation preparation that the company provided to our customers as default configurations,” the Kinmax letter said. “At present, no damage has been caused to the customer and the customer has not been hacked by it.”
Neither TSMC nor Kinmax has publicly confirmed the claims made by LockBit regarding the unauthorized possession of critical TSMC data. Neither party has revealed whether any or both of them would pay the $70 million demand made. “We would like to express our sincere apologies to the affected customers, as the leaked information contained their names which may have caused some inconvenience,” Kinmax added in the letter.