Slashdot Mirror
World's Largest Chip Maker Will Lose $250M For Not Patching Windows 7 Computers (networkworld.com)
A major virus infection forced the closure of Taiwan Semiconductor Manufacturing Company (TSMC) factories last weekend..." writes Slashdot reader Mark Wilson, noting that it's the largest semiconductor manufacturer in the world, selling chips to Apple, Nvidia, AMD, Qualcomm, and Broadcom, and "responsible for producing iPhone processors."
Now Network World reports: The infection struck on Friday, August 3, and affected a number of unpatched Windows 7 computer systems and fab tools over two days. TSMC said it was all back to normal by Monday, August 6. TSMC did not say it was WannaCry, aka WannaCrypt, in its updates, but reportedly blamed WannaCry in follow-up conference calls with the press.... The company said this incident would cause shipment delays and additional costs estimated at 3 percent of third quarter revenue. The company had previously forecast revenues of $8.45 billion to $8.55 billion for its September quarter. A 3 percent loss would mean $250 million, though actual losses may come out lower than that. Still, that's a painful hit. TSMC also said no customer data was compromised....
TSMC isn't directly to blame here; someone [an infected production tool provided by an unidentified vendor] brought WannaCry into their offices and behind their firewall, but TSMC is still culpable because it left systems unpatched more than a year after WannaCry hit.
Now Network World reports: The infection struck on Friday, August 3, and affected a number of unpatched Windows 7 computer systems and fab tools over two days. TSMC said it was all back to normal by Monday, August 6. TSMC did not say it was WannaCry, aka WannaCrypt, in its updates, but reportedly blamed WannaCry in follow-up conference calls with the press.... The company said this incident would cause shipment delays and additional costs estimated at 3 percent of third quarter revenue. The company had previously forecast revenues of $8.45 billion to $8.55 billion for its September quarter. A 3 percent loss would mean $250 million, though actual losses may come out lower than that. Still, that's a painful hit. TSMC also said no customer data was compromised....
TSMC isn't directly to blame here; someone [an infected production tool provided by an unidentified vendor] brought WannaCry into their offices and behind their firewall, but TSMC is still culpable because it left systems unpatched more than a year after WannaCry hit.
It appears that the affected machines were those running process control systems. Because of their VERY finicky nature (and usually being designed to be used on a closed intranet), they almost NEVER apply post-production patches.
I once worked on a medical device where each and very build installed MUST be a bit-perfect replication of the original. Any new release went through horrific levels of qualification and then IT had to be bit-perfect until the next release.
The typical "patch Tuesday" crap just cannot work in these environments.
Just delayed until the next quarter.
Also, lower revenues are not money "lost".
Also, a newer story says it's $170 M, (2% of revenue), not $250M: https://digitimes.com/news/a20...
But it wouldn't be a modern news story without a bunch of exaggeration and misunderstood info, would it? The important thing isn't the correct facts, the important thing is to point and laugh at someone's misfortune. Because news...