Supermicro has reassured shareholders that a third-party investigation refuted a report from Bloomberg saying its motherboards had been compromised by Chinese intelligence agencies. The company said "the investigations firm found absolutely no evidence of malicious hardware on our motherboards," and with that being the case, it believes "today's announcement should lay to rest the unwarranted accusations" made about its products.
The claim that Supermicro's motherboards were compromised was published shortly after a Bloomberg Businessweek feature story entitled "The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies." Bloomberg said in its followup report that a telecommunications company security expert named Yossi Appleboum "provided documents, analysis and other evidence of the discovery" after "The Big Hack" was published.
Those reports were published on October 4 and 9. Supermicro CEO Charles Liang released a statement refuting Bloomberg's reporting on October 18, saying "no one has shown us a motherboard containing any unauthorized hardware chip" and explained that the company was "undertaking a complicated and time-consuming review to further address the article." The letter published today likely stems from that review.
Supermicro has not provided a lot of information about the review process, but that isn't uncommon among security companies. Most of the firms that investigate data breaches, hacks and other security problems specifically tell clients not to disclose their relationship to the public (which is why so many cite an "independent review," "third-party audit" or the like).
Bloomberg's "The Big Hack" and subsequent reporting immediately raised concerns throughout the U.S. after publication. But in the time since, many of the companies named in the report have denied its veracity. Apple CEO Tim Cook said his company wanted the story retracted, and Amazon publicly decried the report (opens in new tab).
Bloomberg's news story about Supermicro's letter notes that "Bloomberg Businessweek has previously said that it stands by its story." At the time of writing, the publication has not made an any other statement about the situation.