A third-party data breach that began with systems integrator Kinmax Technology has flowed downstream to some big-name targets. The breach first compromised Taiwan-based hardware supplier TSMC, one of the world’s leading chip manufacturers (and wealthiest companies), and then potentially spread to indirectly impact Apple through them.
The full fallout of the data breach is still being measured as Kinmax lists some of tech’s leading names among its clients. TSMC is a longtime semiconductor supplier to Apple and is also the sole source of the processors that have powered Mac computers since 2020. Apple itself does not appear to have been breached as part of this chain, but the hardware supplier has disclosed that unspecified client system information preparation and configuration information was accessed by the attackers.
LockBit demanding $70 million ransom from Apple hardware supplier
Data extortion ransoms saw a bit of a lull toward the end of the previous decade, but roared back with the pandemic period and remain at record levels. Still, the $70 million being asked of TSMC is at the very high end of what is usual for these incidents. This could indicate that the attackers captured very sensitive data belonging to Apple or other clients, or they could simply be shooting for the moon given TSMC’s valuation of over $500 billion. There is no word yet from the hardware supplier about ransom negotiations or intent to pay.
There also remains the question of how far the original breach of Kinmax extends. The systems integration contractor lists some heavy hitters among its business partners: Microsoft, Cisco, Hewlett-Packard, VMWare, Aruba, Citrix and Red Hat among others. No other companies have yet stepped forward to disclose data breaches, but the wording of Kinmax’s disclosure (which was generally confusing) seemed to indicate that more than one client might be impacted.
The culprit behind the attack is Russia-based LockBit, which has been active since at least 2020 and has since grown to become one of the world’s largest ransomware and data extortion gangs. Even though they are highly successful, the $70 million ransom would be quite the coup for them should they manage to convince TSMC to pay; the group is thought to have racked up about $91 million in total payments in about three years now.
Kinmax, TSMC data breaches still being investigated
LockBit claims that the data it stole includes TSMC login credentials, as well as unspecified “points of entry” that would presumably be of interest to other hackers. The hardware supplier says that it has not found evidence of client information being accessed, so this might be the end of their branch of the data breach. Kinmax’s end remains up in the air. TSMC says it has terminated all data transfers with the contractor, but it is unclear if other Kinmax partners have taken similar action in the wake of the breach notification. For its part, Kinmax insists that none of its clients were impacted; however, it issued this statement the same day that TSMC confirmed its own data breach.