On July 1, TSMC recently confirmed to foreign technology media TechCrunch that the company was attacked by a cyber attack and some data was leaked.
A TSMC spokesperson said the cybersecurity incident resulted in a data breach “related to the initial setup and configuration of servers,” but that TSMC customer information was not affected.
Extortion group LockBit claimed responsibility for the security breach, listing the data on its website and demanding a ransom of $70 million.
LockBit said that if TSMC does not pay, it will also release passwords and login information. LockBit said the data was stolen from Kinmax Technology, which provides TSMC with IT services such as networking, cloud computing, storage and database management.
In recent years, global industrial security incidents have occurred frequently: different types of security threats such as malware, data breaches, and new ransomware attacks have taken turns:
In September 2020, Tal Semiconductor, an Israeli chip foundry, was attacked by a cyber attack, and in order to prevent the impact from expanding, the company suspended some servers and facilities; In November 2021, Danish wind turbine giant Vestas suffered a cyberattack that damaged part of its internal IT infrastructure and led to an as-yet-unspecified data breach; In March 2022, Japan’s Toyota supplier “Kojima Stamping Industry Co., LTD.” was attacked by a cyber attack, resulting in the shutdown of all 14 Toyota factories in Japan; In late May 2022, Foxconn’s production plant in Tijuana (Mexico) was attacked by ransomware and demanded to pay a ransom. These industrial Internet security incidents have affected the normal operation of the economy and society, and also sounded the alarm for China’s industrial security. Therefore, it is urgent to improve the security capability of China’s industrial Internet. In May 2023, Dragos, the first unicorn in the global industrial security market headquartered in Maryland, USA, suffered a suspected ransomware attack, in which a known ransomware criminal organization attempted to undermine Dragos’ security defense system and infiltrate Intranet encryption devices.
With the increasing awareness of global industrial information security risks and the increasing perfection of government regulations, the market size of global industrial information security products continues to expand, the growth rate of service market is accelerating, and the industrial ecosystem and market structure are further improved.
In recent years, under the joint promotion of national policies, industry laws and regulations and enterprise business needs, the digitalization and production automation transformation of industrial enterprises have been further accelerated, and industrial safety has become particularly important as the basis for the stable operation of enterprise business. Among them, industrial control security audit, as a key part of industrial network security construction, has been attached importance by many end users. It is precisely because of its important position in the construction of industrial safety, users have put forward higher requirements for its product performance, function, scene adaptation and other aspects of the ability. In the future, industrial control safety audit products will develop in the direction of intelligence, automation, visualization, coordination and industry on the basis of original capabilities, and truly help users solve security problems on the basis of compliance.