TSMC faces $70 million LockBit ransom demand following hardware supplier breach

TSMC: Signage for Taiwan Semiconductor Manufacturing Co. (TSMC) during the company's annual shareholder meeting in Hsinchu, Taiwan.
(Image credit: Getty Images)

Taiwanese chipmaker TSMC could be facing one of the largest ransom demands in history amid reports that threat actors have gained access to sensitive company information. 

An affiliate group of LockBit’s ransomware as a service offering, known as National Hazard Agency, claims to have gained access to TSMC network entry points as well as staff login details following a breach at third-party IT supplier Kinmax. 

LockBit has officially listed TSMC on its dark web blog, setting the ransom demand at $70 million. 

The blog listing from LockBit fails to provide additional information on the extent of the data compromised in the breach, nor does it provide samples to confirm what has been stolen. 

LockBit has threatened that “in the case of payment refusal” it will publish stolen information on network entry points, as well as login details. 

In a statement, Kinmax confirmed it had suffered a security breach, revealing that its “internal specific testing environment” had been compromised. 

“The leaked content mainly consisted of system installation preparation that the company provided to our customer as default configurations,” Kinamax said. 

TSMC operations “not affected” by breach

TSMC told ITPro that it was aware that an IT hardware supplier had experienced a security incident, confirming that leaked data pertained to “server initial setup and configuration”. 


Colleagues in a tech lab all looking at a laptop

(Image credit: Trend Micro)

Supply chain as kill chain

Learn more about data hygiene, supply chain security, and omni-channel retail


However, the Taiwanese semiconductor giant has refuted claims that the attack has impacted its operations, adding that no customer information had been compromised in the breach. 

“This incident has not affected TSMC’s business operations, nor did it compromise any TSMC customer information,” the firm said in a statement. 

Upon discovery of the Kinmax incident, TSMC said it “immediately terminated” its data exchange with the supplier in accordance with company security protocols. 

The firm is also working with law enforcement following the discovery. 

“TSMC remains committed to enhancing the security awareness among its suppliers and making sure they comply with security standards,” the firm said. 

“This cyber security incident is currently under investigation that involves a law enforcement agency.”

This latest LockBit ransom demand marks one of the largest ever from a hacker group, putting it on par with REvil’s infamous demand in the wake of the Kaseya breach

The hefty ransom also eclipses previous demands made by LockBit, specifically the Pendragon breach in 2022 that was set at $60 million. 

In March 2021, Acer was targeted by REvil, the group that used to occupy the role of the most prolific ransomware organization, with a ransom set at a maximum $100 million.

The price was originally set at $50 million, a sum that REVil promised to increase sharply if it wasn’t paid quickly.

Ross Kelly
News and Analysis Editor

Ross Kelly is ITPro's News & Analysis Editor, responsible for leading the brand's news output and in-depth reporting on the latest stories from across the business technology landscape. Ross was previously a Staff Writer, during which time he developed a keen interest in cyber security, business leadership, and emerging technologies.

He graduated from Edinburgh Napier University in 2016 with a BA (Hons) in Journalism, and joined ITPro in 2022 after four years working in technology conference research.

For news pitches, you can contact Ross at ross.kelly@futurenet.com, or on Twitter and LinkedIn.