A malware incident created significant disruptions in the factories of Taiwan Semiconductor Manufacturing Company (TSMC), the world’s largest contract chipmaker.
TSMC’s most important customer is Apple, whose iPhone and iPad products use TSMC chips, but the company also supplies semiconductors to Qualcomm, Nvidia, AMD, MediaTek and Broadcom.
The company described the incident as a “computer virus outbreak” affecting an unspecified number of computer systems and fabrication tools in Taiwan.
TSMC said the piece of malware involved in the incident was a variant of the WannaCry ransomware.
TSMC said some its computer systems and equipment in its Taiwan plants were infected August 3 during software installation.
After they discovered the attack August 3, the foundry said it restored 80 percent of systems by August 5, with a full recovery expected by August 6.
The company expects the incident to have a significant impact on its revenue for the third quarter. One published report had the company’s revenue taking a hit of roughly $255 million.
“TSMC expects this incident to cause shipment delays and additional costs. We estimate the impact to third quarter revenue to be about three percent, and impact to gross margin to be about one percentage point. The Company is confident shipments delayed in third quarter will be recovered in the fourth quarter 2018, and maintains its forecast of high single-digit revenue growth for 2018 in U.S. dollars given on July 19, 2018,” TSMC said.
“Most of TSMC’s customers have been notified of this event, and the Company is working closely with customers on their wafer delivery schedule. The details will be communicated with each customer individually over the next few days,” the company added.
According to TSMC, the malware made its way onto the network due to “misoperation” during the installation of a new tool. The company said the incident did not affect data integrity and it did not result in confidential information getting compromised.
TSMC Chief Executive C.C. Wei said the incident was not a hack targeted at the company, but, rather, an oversight by employees to conduct virus scans properly.