Tata Electronics Breach Exposes Alleged Apple and Tesla Supplier Data
Tata Electronics confirmed a cybersecurity incident affecting some of its systems after threat actors advertised more than 630GB of allegedly stolen data, spanning roughly 204,300 files, on a hacker forum and dark-web leak site. Researchers linked the posting to the World Leaks ransomware group, and reviewed samples reportedly included Outlook email conversations, event logs, SAP-related information, employee passport copies, and internal documents tied to Tata’s operations. Tata said it detected the incident weeks earlier, activated response protocols, and reported that business operations were not affected.
Samples of the leaked material appeared to include confidential supplier specifications and manufacturing documents connected to Apple and Tesla, raising supply-chain security concerns because Tata is a major manufacturing partner for both companies and also works with other semiconductor and technology firms. Reuters reported that some employees at Tata’s iPhone assembly operations were informed of the breach, Apple opened an investigation, and Tata allegedly received a ransom demand, though the company did not publicly comment on that point.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
5 events from the most recent confirmed update back to the earliest known activity.
Apple opens an investigation into the Tata breach
Reuters reported that Apple was investigating the Tata Electronics breach after leaked files appeared to reference confidential Apple component designs and supplier specifications. The incident raised supply-chain security concerns because of Tata's role in Apple's India manufacturing operations.
Tata employees are informed and ransom demand is received
Reuters reported that some employees at Tata's iPhone assembly operations were informed of the breach and that Tata had received a ransom demand. Tata declined to comment on the ransom aspect.
Tata Electronics publicly confirms the cybersecurity incident
Tata Electronics disclosed that it had recently detected a cybersecurity incident affecting some of its systems. The confirmation followed reports that World Leaks had posted or advertised allegedly stolen Tata data online.
Tata Electronics detects a cybersecurity incident
Tata Electronics said it detected a cybersecurity incident affecting some of its systems a few weeks before its public confirmation and activated response protocols. The company said business operations were not affected.
World Leaks data was accessible on the dark web
Researchers said purported stolen Tata Electronics data had been accessible on the dark web since at least June 10. The dataset was described as containing more than 200,000 files totaling over 630 GB.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
13 references tracked. Mallory keeps watching after this page renders.
Tata Electronics Confirms Data Breach After 630GB Leak Claim Targets Apple and Tesla
securityaffairs.com
Open sourceTata Electronics confirms cyberattack as hackers leak data - Malware News - Malware Analysis, News and Indicators
malware.news
Open sourceTata Electronics Confirms Cybersecurity Incident, Says Business Operations Remain Unaffected - CySecurity News - Latest Information Security and Hacking Incidents
cysecurity.news
Open sourceTata Electronics confirms data breach after sensitive files appear online | brief | SC Media
scworld.com
Open sourceTata Electronics confirms cyberattack after alleged Apple, Tesla documents appear online | The Record from Recorded Future News
therecord.media
Open sourceteiss - News - Tata Electronics confirms data breach affecting Apple, Tesla supplier files
teiss.co.uk
Open sourceTata hit by cyber breach claiming to expose Apple, Tesla trade secrets - Business Insurance
businessinsurance.com
Open sourceTata Electronics, a major tech supplier to Apple and Tesla, confirms data breach | TechCrunch
techcrunch.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
RansomHub Claims Breach of Apple Supplier Luxshare With Alleged Leak of Engineering and Supply-Chain Data
Apple manufacturing partner **Luxshare Precision Industry** was reportedly hit by a ransomware incident involving data theft and extortion, with internal documents allegedly published to pressure payment. Reporting indicates the exposed materials include sensitive operational information tied to Luxshare’s role in Apple’s supply chain (e.g., production workflows, security procedures, and supply-chain protocols), raising concerns about downstream risk to Apple-related manufacturing and repair operations. *Help Net Security* reports the **RansomHub** ransomware-as-a-service operation claimed responsibility, alleging affiliates stole and encrypted data and posted proof on its leak site. The group claimed the stolen archives include **3D CAD models**, engineering design/documentation, **2D manufacturing drawings**, and **PCB design/manufacturing data**, and asserted the data set contains information related to multiple Luxshare customers (including Apple and other major technology/automotive firms); third-party researchers cited in the report said the leak appears to include confidential Apple-Luxshare repair and shipping project details, while Luxshare had not publicly confirmed the breach at the time of reporting.
Mar 21, 2026
Nitrogen Claims Foxconn Wisconsin Breach Exposed 8TB of AI Manufacturing Data
Foxconn said operational IT issues disrupted its Mount Pleasant, Wisconsin campus, where workers reported a broad network outage affecting Wi‑Fi, core infrastructure, and timekeeping systems as production was gradually restored. The **Nitrogen** ransomware group later claimed responsibility on its extortion site, alleging it stole **8TB** of data spanning more than **11 million files** from the Racine County facility, including assembly instructions, hardware schematics, and data center topology diagrams tied to customers such as **Apple, Intel, Google, NVIDIA, and Dell**. Foxconn has not verified the authenticity of the leaked samples or disclosed any ransom demand, and reports said the incident may also have affected a Foxconn site in Houston. The claimed breach adds to a pattern of ransomware incidents affecting Foxconn manufacturing operations. In 2022, Foxconn confirmed a ransomware attack at its **Tijuana, Mexico** plant that disrupted production and was claimed by **LockBit**, with the company saying recovery was underway and overall business impact would be limited. That attack followed a 2020 intrusion at Foxconn’s **Ciudad Juárez** facility attributed to **DoppelPaymer**, underscoring repeated targeting of the company’s production sites and raising renewed supply-chain and industrial espionage concerns around its AI server and electronics manufacturing operations.
May 25, 2026
IntelBroker Claims Apple Source Code Exposure Involving Internal SSO and Atlassian Plugins
Threat actor **IntelBroker** claimed to have breached Apple and posted code on BreachForums tied to three internal tools: `AppleConnect-SSO`, `Apple-HWE-Confluence-Advanced`, and `AppleMacroPlugin`. Reporting said the exposed material appeared related to Apple’s internal authentication and workflow environment, including integrations for Atlassian Jira and Confluence, raising concern that the leak could reveal sensitive implementation details useful for follow-on attacks. Apple had not confirmed a breach at the time of reporting, and major outlets had not independently verified the claim. Independent analysis cited in coverage said the leak did **not** appear to contain the full source code for the named internal tools, but rather proprietary plugins and configuration data used to connect Apple authentication systems to internal collaboration platforms. That assessment said the exposure could still create meaningful enterprise security risk by disclosing internal architecture and access-related details, while indicating that Apple customer products and services were not affected. The claim emerged shortly after IntelBroker also alleged a breach of AMD, and later reporting noted Cisco was also claimed as a victim by the same actor.
May 25, 2026