ASML discovers its tech has been stolen by China employee, which resulted in violation of “certain export control regulations”
Dutch chip equipment maker ASML Holding has once again suffered a data theft of its IP – this time by a former employee located in China.
In its annual report, ASML admitted the security incident after it “experienced unauthorised misappropriation of data relating to proprietary technology by a (now) former employee in China.
The discovery of this security incident comes at a very sensitive time for the Dutch firm, after it recently reached a confidential agreement with the United States government to restrict the export of its technology to China.
Last month it emerged that Japan and the Netherlands had joined in the US campaign to limit China’s access to advanced chipmaking equipment following top-level talks.
The confidential agreement came after US president Joe Biden met separately with Japanese prime minister Fumio Kishida and Dutch prime minister Mark Rutte last month.
A US official then acknowledged the deal with Japan and the Netherlands for new restrictions on chip-making tool exports to China, but declined to provide details.
In its annual report, ASML addressed the China export restriction agreement head on.
“Several news organisations reported end of January 2023 that the US, the Netherlands and Japan agreed to further restrict the export of semiconductor manufacturing equipment to China,” ASML wrote. “We understand that steps have been taken that would cover advanced lithography tools as well as other types of equipment.”
“The terms of this agreement have not been publicly disclosed and remain confidential for now,” it said. “We expect that it will take many months for the governments to write and enact new rules.”
The US had announced its latest round of export controls in October 2022, designed to hamper Beijing’s ability to ramp up its chip industry and enhance its military capabilities.
China has been building up its chip industry in recent years to reduce its dependence upon the West, but the US argues the trend presents a national security risk.
Now in its annual report ASML revealed (once again) it has experienced IP theft, after a former China employee misappropriated data relating to its proprietary chip technology.
“We are experiencing an increasing number of cyberattacks on our IT systems as well as the IT systems of our suppliers, customers and other service providers, whose systems we do not control,” said the firm. “These attacks include malicious software (malware), attempts and acts to gain unauthorised access to data and other electronic and physical security breaches of our IT systems.”
“They also include the IT systems of our suppliers, customers and other service providers that have led and could lead, for us, our customers, suppliers or other business partners – including R&D partners – to disruptions in critical systems, unauthorised release, misappropriation, corruption or loss of data or confidential information (including confidential information relating to our customers, employees and suppliers).”
“Further, we depend on our employees and the employees of our suppliers to appropriately handle confidential and sensitive data and deploy our IT resources in a safe and secure manner that does not expose our network systems to security breaches or the loss of data,” it added.
“We have experienced unauthorised misappropriation of data relating to proprietary technology by a (now) former employee in China,” ASML admitted. “We promptly initiated a comprehensive internal review. Based upon our initial findings we do not believe that the misappropriation is material to our business.”
It is understood that the data that was misappropriated involved documents. ASML did not expand on the details.
Export control violation
And it seems that the security breach may have impacted ASML’s recent export agreement with the US and Japan.
“However, as a result of the security incident, certain export control regulations may have been violated,” ASML warned. “ASML has therefore reported the incident to relevant authorities. We are implementing additional remedial measures in light of this incident.”Read also : US Commerce Chief: China ‘Not Our Friend’
ASML holds a unique position in the global chip supply chain, as it makes a tool called an extreme ultraviolet lithography machine that is required to make the most advanced semiconductors.
ASML is the only company in the world that produces this machine. Without ASML’s machinery, it will be difficult for China to manufacture the most advanced chips.
Unfortunately this is not the first time that ASML has been at the centre of allegations of data misappropriation in China.
In 2019 ASML admitted it suffered intellectual property theft in 2015, but it rejected a media report at the time that it had been struck by Chinese spies.
Court documents in the US at the time showed six former ASML employees, all with Chinese names, had breached their employment contract by allegedly sharing information on ASML software processes with a San Jose-based company called XTAL Inc, founded by a Hong Kong private investor.
ASML said at the time that no “valuable” files had been accessed, but later admitted it had been robbed “by a handful of our own employees based in Silicon Valley, who had broken the law to enrich themselves.”
Then in 2021, ASML alleged a Beijing-based company called Dongfang Jingyuan Electron “was actively marketing products in China that could potentially infringe on ASML’s IP rights.”
ASML alleged that Dongfang Jingyuan Electron is associated with XTAL Inc, the firm which it obtained a damage award for trade secret misappropriation in 2019 in the US.
Donfang Jingyuan Electron has denied reports about intellectual property theft, CNBC has reported.