Taiwan Semiconductor Manufacturing Company Limited Company CyberSecurity Posture
tsmc.com
None
Company Details
taiwan-semiconductor-manufacturing-company-limited
31
304
335
tsmc.com
0
TAI_1362656
In-progress
TSMCL Risk Score (AI oriented)Between 650 and 699
TSMCL Global Score (TPRM)XXXX
Description: In June 2023, Taiwan Semiconductor Manufacturing Company (TSMC), the world's leading microchip manufacturer, fell victim to a significant cyberattack orchestrated by the LockBit ransomware group. The attackers managed to breach TSMC's security and stole sensitive data, demanding a hefty ransom of $70 million for not releasing the stolen information. The breach specifically occurred due to a security incident at one of TSMC's IT providers, Kinmax Technology, during the initial setup and configuration of a server. This event highlighted the cascading risk third-party vendors can pose to global technology leaders. The company faced the threat of having their network entry points and access credentials publicly disclosed by the extortionists. This breach showcases the high stakes involved when leading technology companies are targeted, as it risks exposing critical supply chain details, proprietary technology, and sensitive corporate data.
Description: In June 2023, Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest semiconductor manufacturer, encountered a significant cybersecurity incident. The LockBit ransomware group executed a data breach, demanding a ransom of $70 million from TSMC to prevent the disclosure of the stolen data. This event was traced back to a security lapse during the initial setup and configuration of a server by one of TSMC's IT providers, Kinmax Technology. LockBit threatened to publish sensitive data related to TSMC's network entry points and access credentials, putting the semiconductor giant at risk of further cyber threats. The breach underscores the critical importance of robust cybersecurity measures across tech providers and their supply chain partners.
No incidents recorded for Taiwan Semiconductor Manufacturing Company Limited in 2025.
No incidents recorded for Taiwan Semiconductor Manufacturing Company Limited in 2025.
No incidents recorded for Taiwan Semiconductor Manufacturing Company Limited in 2025.
TSMCL cyber incidents detection timeline including parent company and subsidiaries
None
Havells India Limited is a leading FMEG company with a strong global presence, manufacturing a wide range of electrical products for residential, commercial, and industrial use. Key brands include Havells, Havells Studio, Lloyd, Havells Crabtree, Standard Electricals and REO. With a focus on innova
We’re the manufacturing partner of choice that helps a diverse customer base design and build products that improve the world. We love to hear your thoughts, comments and ideas so feel free to like, share and comment away. Any question or opinion is good to go as long as it is respectful and falls
Keysight empowers innovators to explore, design, and bring world-changing technologies to life. As the industry’s premier global innovation partner, Keysight’s software-centric solutions serve engineers across the design and development environment, enabling them to deliver tomorrow’s breakthroughs
At Dyson we are focused on solving the problems that others have ignored; solving them first using our technology and ingenuity. In order to achieve this we need to pioneer technologies that are different and authentic. This is the core of what we do and who we are. We must strive to create the futu
Eaton is an intelligent power management company dedicated to improving the quality of life and protecting the environment for people everywhere. We are guided by our commitment to do business right, to operate sustainably and to help our customers manage power ─ today and well into the future. By c
*Five companies produce electric power in the Arab Republic of Egypt follow to the Egyptian Electricity Holding Company, which is following to Ministry of Electricity and Energy. Cairo electricity production Company contributes by 20% of the total electrical energy produced by the production compa
Sanmina Corporation (Nasdaq: SANM) is a leading integrated manufacturing solutions provider serving the fastest-growing segments of the global Electronics Manufacturing Services (EMS) market. Recognized as a technology leader, Sanmina Corporationprovides end-to-end manufacturing solutions, deliverin
Established in 1964, BHEL is one of India's largest engineering and manufacturing enterprises in the energy and infrastructure sectors, and a leading power equipment manufacturer globally. BHEL serves the core sectors of the economy and provides a comprehensive portfolio of products, systems and ser
Founded in 1961, WEG is a global electric-electronic equipment company, operating mainly in the capital goods sector with solutions in electric machines, automation and paints for several sectors, including infrastructure, steel, pulp and paper, oil and gas, mining, among many others. WEG stands ou
.png)
A Canadian company left for dead in 2016 is now advancing Ottawa's regional interests more effectively than many government initiatives.
Blue Cloud Softech Solutions has signed a Letter of Intent with BlackDice Cyber Ltd to co-develop AI-based cybersecurity solutions for 5G...
Taiwan Semiconductor Industry Association (TSIA) chairman and Taiwan Semiconductor Manufacturing Company (TSMC) senior vice president and...
Taiwan-Israel: behind the scenes of a discreet partnership (2/2) – Behind apparent standard technological agreements, Israeli and Taiwanese...
Taiwan is confronting critical workforce challenges as declining birth rates and an aging population lead to labor shortages and structural...
Introduction - What is a Cyber Arms Race? The Cyber Arms Race can trace its roots to 1949 when the Soviet Union tested their first nuclear...
Taiwan Semiconductor Manufacturing Company (TSMC), the world's largest and most advanced chipmaker, announced on Tuesday it had fired two...
This policy brief analyzes the FPGA supply chain for US firms and the trade-offs these companies make among risks to cost, availability,...
A 2018 incident at TSMC was just one of multiple costly issues for the sector in recent years. The industry has since pulled together to...
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
The official website of Taiwan Semiconductor Manufacturing Company Limited is http://www.tsmc.com.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited’s AI-generated cybersecurity score is 689, reflecting their Weak security posture.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited is not certified under SOC 2 Type 1.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited does not hold a SOC 2 Type 2 certification.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited is not listed as GDPR compliant.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited does not currently maintain PCI DSS compliance.
According to Rankiteo, Taiwan Semiconductor Manufacturing Company Limited is not compliant with HIPAA regulations.
According to Rankiteo,Taiwan Semiconductor Manufacturing Company Limited is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Taiwan Semiconductor Manufacturing Company Limited operates primarily in the Appliances, Electrical, and Electronics Manufacturing industry.
Taiwan Semiconductor Manufacturing Company Limited employs approximately 31 people worldwide.
Taiwan Semiconductor Manufacturing Company Limited presently has no subsidiaries across any sectors.
Taiwan Semiconductor Manufacturing Company Limited’s official LinkedIn profile has approximately 304 followers.
Taiwan Semiconductor Manufacturing Company Limited is classified under the NAICS code 335, which corresponds to Electrical Equipment, Appliance, and Component Manufacturing.
No, Taiwan Semiconductor Manufacturing Company Limited does not have a profile on Crunchbase.
Yes, Taiwan Semiconductor Manufacturing Company Limited maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/taiwan-semiconductor-manufacturing-company-limited.
As of December 07, 2025, Rankiteo reports that Taiwan Semiconductor Manufacturing Company Limited has experienced 2 cybersecurity incidents.
Taiwan Semiconductor Manufacturing Company Limited has an estimated 9,284 peer or competitor companies worldwide.
Incident Types: The types of cybersecurity incidents that have occurred include Vulnerability and Ransomware.
Title: TSMC Ransomware Attack by LockBit
Description: In June 2023, Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest semiconductor manufacturer, encountered a significant cybersecurity incident. The LockBit ransomware group executed a data breach, demanding a ransom of $70 million from TSMC to prevent the disclosure of the stolen data. This event was traced back to a security lapse during the initial setup and configuration of a server by one of TSMC's IT providers, Kinmax Technology. LockBit threatened to publish sensitive data related to TSMC's network entry points and access credentials, putting the semiconductor giant at risk of further cyber threats. The breach underscores the critical importance of robust cybersecurity measures across tech providers and their supply chain partners.
Date Detected: June 2023
Type: Ransomware
Attack Vector: Server misconfiguration
Vulnerability Exploited: Security lapse during server setup and configuration
Threat Actor: LockBit ransomware group
Motivation: Financial gain
Title: LockBit Ransomware Attack on TSMC
Description: In June 2023, Taiwan Semiconductor Manufacturing Company (TSMC), the world's leading microchip manufacturer, fell victim to a significant cyberattack orchestrated by the LockBit ransomware group. The attackers managed to breach TSMC's security and stole sensitive data, demanding a hefty ransom of $70 million for not releasing the stolen information. The breach specifically occurred due to a security incident at one of TSMC's IT providers, Kinmax Technology, during the initial setup and configuration of a server. This event highlighted the cascading risk third-party vendors can pose to global technology leaders. The company faced the threat of having their network entry points and access credentials publicly disclosed by the extortionists. This breach showcases the high stakes involved when leading technology companies are targeted, as it risks exposing critical supply chain details, proprietary technology, and sensitive corporate data.
Date Detected: June 2023
Type: Ransomware
Attack Vector: Compromised Third-Party Vendor
Vulnerability Exploited: Security Incident During Server Setup
Threat Actor: LockBit Ransomware Group
Motivation: Financial Gain
Common Attack Types: The most common types of attacks the company has faced is Ransomware.
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Server misconfiguration and Third-Party Vendor.
Data Compromised: Sensitive data related to TSMC's network entry points and access credentials
Data Compromised: Sensitive corporate data, Proprietary technology, Supply chain details
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Network entry points and access credentials, Sensitive Corporate Data, Proprietary Technology, Supply Chain Details and .
Entity Name: Taiwan Semiconductor Manufacturing Company (TSMC)
Entity Type: Semiconductor Manufacturer
Industry: Technology
Location: Taiwan
Size: Large
Entity Name: Taiwan Semiconductor Manufacturing Company (TSMC)
Entity Type: Company
Industry: Technology
Location: Taiwan
Entity Name: Kinmax Technology
Entity Type: IT Provider
Industry: Technology
Type of Data Compromised: Network entry points and access credentials
Sensitivity of Data: High
Type of Data Compromised: Sensitive corporate data, Proprietary technology, Supply chain details
Sensitivity of Data: High
Ransom Demanded: $70 million
Ransomware Strain: LockBit
Data Exfiltration: True
Ransom Demanded: $70 million
Ransomware Strain: LockBit
Data Exfiltration: True
Lessons Learned: The breach underscores the critical importance of robust cybersecurity measures across tech providers and their supply chain partners.
Key Lessons Learned: The key lessons learned from past incidents are The breach underscores the critical importance of robust cybersecurity measures across tech providers and their supply chain partners.
Entry Point: Server misconfiguration
Entry Point: Third-Party Vendor
High Value Targets: Network Entry Points, Access Credentials,
Data Sold on Dark Web: Network Entry Points, Access Credentials,
Root Causes: Security lapse during server setup and configuration
Root Causes: Security Incident During Server Setup
Last Ransom Demanded: The amount of the last ransom demanded was $70 million.
Last Attacking Group: The attacking group in the last incident were an LockBit ransomware group and LockBit Ransomware Group.
Most Recent Incident Detected: The most recent incident detected was on June 2023.
Most Significant Data Compromised: The most significant data compromised in an incident were Sensitive data related to TSMC's network entry points and access credentials, Sensitive Corporate Data, Proprietary Technology, Supply Chain Details and .
Most Sensitive Data Compromised: The most sensitive data compromised in a breach were Sensitive Corporate Data, Proprietary Technology, Sensitive data related to TSMC's network entry points and access credentials and Supply Chain Details.
Highest Ransom Demanded: The highest ransom demanded in a ransomware incident was $70 million.
Most Significant Lesson Learned: The most significant lesson learned from past incidents was The breach underscores the critical importance of robust cybersecurity measures across tech providers and their supply chain partners.
Most Recent Entry Point: The most recent entry point used by an initial access broker were an Server misconfiguration and Third-Party Vendor.
Most Significant Root Cause: The most significant root cause identified in post-incident analysis was Security lapse during server setup and configuration, Security Incident During Server Setup.
.png)
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: hide VRAM sysfs attributes on GPUs without VRAM Otherwise accessing them can cause a crash.
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix NULL pointer dereference in VRAM logic for APU devices Previously, APU platforms (and other scenarios with uninitialized VRAM managers) triggered a NULL pointer dereference in `ttm_resource_manager_usage()`. The root cause is not that the `struct ttm_resource_manager *man` pointer itself is NULL, but that `man->bdev` (the backing device pointer within the manager) remains uninitialized (NULL) on APUs—since APUs lack dedicated VRAM and do not fully set up VRAM manager structures. When `ttm_resource_manager_usage()` attempts to acquire `man->bdev->lru_lock`, it dereferences the NULL `man->bdev`, leading to a kernel OOPS. 1. **amdgpu_cs.c**: Extend the existing bandwidth control check in `amdgpu_cs_get_threshold_for_moves()` to include a check for `ttm_resource_manager_used()`. If the manager is not used (uninitialized `bdev`), return 0 for migration thresholds immediately—skipping VRAM-specific logic that would trigger the NULL dereference. 2. **amdgpu_kms.c**: Update the `AMDGPU_INFO_VRAM_USAGE` ioctl and memory info reporting to use a conditional: if the manager is used, return the real VRAM usage; otherwise, return 0. This avoids accessing `man->bdev` when it is NULL. 3. **amdgpu_virt.c**: Modify the vf2pf (virtual function to physical function) data write path. Use `ttm_resource_manager_used()` to check validity: if the manager is usable, calculate `fb_usage` from VRAM usage; otherwise, set `fb_usage` to 0 (APUs have no discrete framebuffer to report). This approach is more robust than APU-specific checks because it: - Works for all scenarios where the VRAM manager is uninitialized (not just APUs), - Aligns with TTM's design by using its native helper function, - Preserves correct behavior for discrete GPUs (which have fully initialized `man->bdev` and pass the `ttm_resource_manager_used()` check). v4: use ttm_resource_manager_used(&adev->mman.vram_mgr.manager) instead of checking the adev->gmc.is_app_apu flag (Christian)
In the Linux kernel, the following vulnerability has been resolved: exfat: fix improper check of dentry.stream.valid_size We found an infinite loop bug in the exFAT file system that can lead to a Denial-of-Service (DoS) condition. When a dentry in an exFAT filesystem is malformed, the following system calls — SYS_openat, SYS_ftruncate, and SYS_pwrite64 — can cause the kernel to hang. Root cause analysis shows that the size validation code in exfat_find() does not check whether dentry.stream.valid_size is negative. As a result, the system calls mentioned above can succeed and eventually trigger the DoS issue. This patch adds a check for negative dentry.stream.valid_size to prevent this vulnerability.
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible memory leak in smb2_read() Memory leak occurs when ksmbd_vfs_read() fails. Fix this by adding the missing kvfree().
In the Linux kernel, the following vulnerability has been resolved: smb/server: fix possible refcount leak in smb2_sess_setup() Reference count of ksmbd_session will leak when session need reconnect. Fix this by adding the missing ksmbd_user_session_put().
Get company history
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rapid