RansomHub Claims Breach of Apple Supplier Luxshare With Alleged Leak of Engineering and Supply-Chain Data
Apple manufacturing partner Luxshare Precision Industry was reportedly hit by a ransomware incident involving data theft and extortion, with internal documents allegedly published to pressure payment. Reporting indicates the exposed materials include sensitive operational information tied to Luxshare’s role in Apple’s supply chain (e.g., production workflows, security procedures, and supply-chain protocols), raising concerns about downstream risk to Apple-related manufacturing and repair operations.
Help Net Security reports the RansomHub ransomware-as-a-service operation claimed responsibility, alleging affiliates stole and encrypted data and posted proof on its leak site. The group claimed the stolen archives include 3D CAD models, engineering design/documentation, 2D manufacturing drawings, and PCB design/manufacturing data, and asserted the data set contains information related to multiple Luxshare customers (including Apple and other major technology/automotive firms); third-party researchers cited in the report said the leak appears to include confidential Apple-Luxshare repair and shipping project details, while Luxshare had not publicly confirmed the breach at the time of reporting.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Luxshare contacted for confirmation as breach reports emerge
On 2026-01-21, media reporting said Luxshare had been contacted for confirmation regarding the alleged incident, but no company response had yet been reported. This marked the first noted public outreach to the affected company in the referenced coverage.
Researchers report reviewing allegedly leaked Luxshare data packages
By 2026-01-21, researchers cited in reporting said they had reviewed posted data packages that appeared to contain confidential Apple-Luxshare device repair, shipping project, and other client-related information. The reporting noted the outlet itself could not independently download and verify the leaked packages.
RansomHub claims breach and data theft at Luxshare
On or before 2026-01-21, the RansomHub ransomware operation allegedly posted Luxshare Precision Industry on its leak site, claiming it stole and encrypted sensitive company data and threatening to publish it if Luxshare did not engage. The claimed data included engineering and manufacturing files, with references to materials related to Apple, Nvidia, LG, Geely, and Tesla.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
Alleged Ransomware Attack on Apple's Second-Largest Manufacturer Luxshare - Confidential Data Exposed
cybersecuritynews.com
Open sourceRansomHub claims alleged breach of Apple partner Luxshare - Help Net Security
helpnetsecurity.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Ransomware and Data-Extortion Claims Targeting Luxshare, McDonald’s India, and US Healthcare Providers
**Ransomware and data-extortion activity** was reported across multiple sectors, with threat actors using leak sites to pressure victims and amplify impact. The **RansomHub** ransomware-as-a-service operation claimed it breached Chinese manufacturer **Luxshare** and stole sensitive manufacturing and R&D archives allegedly tied to major technology firms (including Apple, Nvidia, Tesla, and LG). The posted sample was described as containing engineering artifacts such as **3D CAD/Parasolid files, PCB manufacturing data, and engineering documentation**, plus some project-related PII; the breach had not been independently confirmed at the time of reporting. Separately, the **Everest** ransomware group claimed it breached **McDonald’s India**, alleging exfiltration of **861 GB** of internal documents and customer personal data and threatening publication if demands were not met; McDonald’s India had not confirmed the claim. In US healthcare, **Valley Eye Associates** confirmed a ransomware incident with **data exfiltration** during a short intrusion window, while **Qilin** publicly claimed responsibility and alleged **139 GB** stolen and posted—suggesting a non-payment outcome. A related but distinct development involved healthcare IT vendor **Veradigm**, which agreed to a **$10.5M** settlement tied to a prior (2024) breach affecting **2+ million** patients, underscoring ongoing legal and financial exposure following large-scale patient-data compromises.
Mar 21, 2026
Tata Electronics Breach Exposes Alleged Apple and Tesla Supplier Data
Tata Electronics confirmed a cybersecurity incident affecting some of its systems after threat actors advertised more than **630GB** of allegedly stolen data, spanning roughly **204,300 files**, on a hacker forum and dark-web leak site. Researchers linked the posting to the **World Leaks** ransomware group, and reviewed samples reportedly included Outlook email conversations, event logs, SAP-related information, employee passport copies, and internal documents tied to Tata’s operations. Tata said it detected the incident weeks earlier, activated response protocols, and reported that business operations were not affected. Samples of the leaked material appeared to include confidential supplier specifications and manufacturing documents connected to **Apple** and **Tesla**, raising supply-chain security concerns because Tata is a major manufacturing partner for both companies and also works with other semiconductor and technology firms. Reuters reported that some employees at Tata’s iPhone assembly operations were informed of the breach, **Apple** opened an investigation, and Tata allegedly received a ransom demand, though the company did not publicly comment on that point.
Jun 25, 2026
Everest Ransomware Extortion Claims Target McDonald’s India and Under Armour
The **Everest** ransomware group publicly claimed two separate victim intrusions, alleging large-scale data theft and using leak-site pressure tactics. Everest posted that it breached **McDonald’s India**, claiming exfiltration of **861 GB** of customer data and internal documents and sharing screenshots purportedly showing financial reports, audit trails, pricing data, internal communications, and month-by-month directories suggestive of access to accounting/ERP systems. The leak claim also referenced a “Contact Database” spreadsheet with personal and business details of investors/partners across multiple countries and store-level operational data (e.g., manager names and contact numbers), alongside a short deadline for the company to respond. Separately, **Have I Been Pwned (HIBP)** reported ingesting files allegedly leaked by an Everest member that impacted **72.7 million Under Armour accounts**, with exposed fields including names, email addresses, dates of birth, gender, location, and purchase-related details; Everest additionally claimed other data types (e.g., phone numbers, addresses, loyalty details) and had previously threatened publication unless a ransom was paid. Under Armour had not publicly acknowledged the alleged incident at the time of reporting, and a proposed class action lawsuit was filed following Everest’s initial leak-site posting. A third report about **RansomHub** claiming an intrusion at Apple partner **Luxshare** describes a different ransomware operation and does not appear connected to the Everest claims.
Mar 21, 2026