TSMC provided a bit of a post mortem on what happened. The company said:
This virus outbreak occurred due to misoperation during the software installation process for a new tool, which caused a virus to spread once the tool was connected to the Company's computer network. Data integrity and confidential information was not compromised. TSMC has taken actions to close this security gap and further strengthen security measures.
According to TSMC, the shutdown will result in shipment delays and additional costs. Two days of outages will hurt revenue by about 3 percent. The company said:
We estimate the impact to third quarter revenue to be about three percent, and impact to gross margin to be about one percentage point. The Company is confident shipments delayed in third quarter will be recovered in the fourth quarter 2018, and maintains its forecast of high single-digit revenue growth for 2018 in U.S. dollars given on July 19, 2018.
Here's a look at the TSMC guidance from July 19.
Customers have been notified of the event and TSMC added that it will work closely with them on deliveries. Customers will be told individually how their wafer orders were impacted.
There are a few nuggets in TSMC's annual report worth noting. For starters, the company's customer base is concentrated. TSMC said:
Over the years, our customer profile and the nature of our customers' business have changed dramatically. While we generate revenue from hundreds of customers worldwide, our ten largest customers in 2015, 2016, and 2017 accounted for approximately 63%, 69% and 67% of our net revenue in the respective year. Our largest customer in 2015, 2016, and 2017 accounted for 16%, 17% and 22% of our net revenue in the respective year. Our second largest customer in 2015 and 2016 accounted for 16% and 11% of our net revenue in the respective year. In 2017, our second largest customer accounted for less than 10% of our net revenue.
And the comapny also talked about cybersecurity in its annual report:
Even though we have established a comprehensive Internet and computing security network, we cannot guarantee that our computing systems which control or maintain vital corporate functions, such as our manufacturing operations and enterprise accounting, would be completely immune to crippling cyber attacks by any third party to gain unauthorized access to our internal network systems, to sabotage our operations and goodwill or otherwise. In the event of a serious cyber attack, our systems may lose important corporate data and our production lines may be shutdown indefinitely pending the resolution of such attack. While we also seek to annually review and assess our cybersecurity policies and procedures to ensure their adequacy and effectiveness, we cannot guarantee that we will not be susceptible to new and emerging risks and attacks in the evolving landscape of cybersecurity threats.