Aug 8, 2018 1:28 PM PT

Chip maker TSMC will lose millions for not patching its computers

Chip-making giant TSMC will lose hundreds of millions of dollars for failing to patch its Windows 7 computers, which were infected by the WannaCry virus.

Reuters

Taiwanese chip-making giant Taiwan Semiconductor Manufacturing Co. (TSMC), whose customers include Apple, Nvidia, AMD, Qualcomm, and Broadcom, was hit with a WannaCry infection last weekend that knocked out production for a few days and will cost the firm millions of dollars.

Most chip companies are fabless, meaning they don’t make their own chips. It’s a massively expensive process, as Intel has learned. Most, like the aforementioned firms, simply design the chips and farm out the manufacturing process, and TSMC is by far the biggest player in that field.

CEO C.C. Wei told Bloomberg that TSMC wasn’t targeted by a hacker; it was an infected production tool provided by an unidentified vendor that was brought into the company. The company is overhauling its procedures after encountering a virus more complex than initially thought, he said.

The infection struck on Friday, Aug., 3, and affected a number of unpatched Windows 7 computer systems and fab tools over two days. TSMC said it was all back to normal by Monday, Aug. 6. TSMC did not say it was WannaCry, aka WannaCrypt, in its updates, but reportedly blamed WannaCry in follow-up conference calls with the press.

Windows 7 was particularly hard hit by WannaCry, and while I am mindful of businesses being slow to migrate, if you are going to use an old operating system, you better be on top of security.

The company said this incident would cause shipment delays and additional costs estimated at 3 percent of third quarter revenue.

The company had previously forecast revenues of $8.45 billion to $8.55 billion for its September quarter. A 3 percent loss would mean $250 million, though actually losses may come out lower than that. Still, that’s a painful hit. TSMC also said no customer data was compromised.

So, can you afford a 3 percent revenue hit? If the answer is no, then check your darned systems. TSMC isn’t directly to blame here; someone brought WannaCry into their offices and behind their firewall, but TSMC is still culpable because it left systems unpatched more than a year after WannaCry hit.

Security firm Kryptos Logic estimates there are still tens of millions of still unpatched computers, clients and servers, all of them ripe for exploitation. Anyone infected with WannaCry now has no one to blame but themselves because fixes from Microsoft and assorted Linux vendors have been out there for months.

Now, check your computers.