Taiwan Semiconductor Manufacturing Company (TSMC) was forced to shut down a number of its factories over the weekend after a virus infected computer systems and fab tools.

TSMC is the world’s largest dedicated pure-play semiconductor foundry, manufacturing chips for companies including Xilinx, Nvidia, Qualcomm and AMD.

Switch the factory off and on again

TSMC Fab 5
TSMC Fab 5 – Wikimedia Commons/Peellden

In a statement, the company claimed that “the virus outbreak occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company’s computer network.”

TSMC stressed that no data was compromised. In a press conference, the company added that the new software tool wasn’t isolated or checked to be virus-free. It was then connected to the network, spreading a WannaCry variant that infected systems running unpatched Windows 7, causing continuous reboots.

The same type of ransomware was making the headlines last year, after taking a number of services offline - including public sector organizations in Europe and the US.

The latest outbreak began on Friday, August 3, with the degree of infection varying by factory and tool; the company said it expects a full recovery today, August 6. “We are surprised and shocked,” chief executive officer C. C. Wei told reporters (via Bloomberg). “We have installed tens of thousands of tools before, and this is the first time this happened.”

In a statement, the company said that it “expects this incident to cause shipment delays and additional costs. We estimate the impact to third quarter revenue to be about three percent, and impact to gross margin to be about one percentage point.” The Financial Times notes that the company previously estimated third quarter revenue of $8.45bn-8.55bn, suggesting the incident cost it $255 million. TSMC does, however, expect to recover delayed shipments in the fourth quarter.

“Most of TSMC’s customers have been notified of this event, and the Company is working closely with customers on their wafer delivery schedule,” the statement said. “The details will be communicated with each customer individually over the next few days.”

The chip manufacturer said it had “taken actions to close this security gap and further strengthen security measures.”

In its annual report, the company had previously warned of the risks of cyber attacks, saying: “Even though we have established a comprehensive Internet and computing security network, we cannot guarantee that our computing systems which control or maintain vital corporate functions, such as our manufacturing operations and enterprise accounting, would be completely immune to crippling cyber attacks by any third party to gain unauthorized access to our internal network systems, to sabotage our operations and goodwill or otherwise.”