Apple and Tesla Supplier Tata Electronics Confirms 630 GB Data Theft, Exposing Critical iPhone and Tesla Specifications on Dark Web
An alarming cybersecurity breach has emerged involving Tata Electronics, an Indian manufacturer responsible for assembling about one-third of Apple’s iPhones and supplying semiconductor components to Tesla. The company confirmed on Monday that attackers had stolen and publicly released a substantial cache of confidential files totaling 630 gigabytes. This data includes sensitive engineering blueprints marked as “TRADE SECRET,” a detailed 52-page quality inspection document for iPhone circuit board components, and cryptographic certificates that experts warn could be exploited in future attacks. Tata Electronics, established in 2020, acknowledged “a cybersecurity incident on some of our systems” but claimed that operations remained unaffected. However, it did not disclose that the stolen data had been available on the dark web for at least 12 days prior to its public acknowledgment.
The data extortion group known as World Leaks reportedly posted the cache on its dark web portal around June 12, as noted by security researcher Rakesh Krishnan. Another researcher, Rajshekhar Rajaharia, confirmed to TechCrunch that the leaked dataset contains employee emails, multi-year SAP system event logs, passport copies of employees—including foreign nationals—and cryptographic key files. The dataset, comprising 204,341 files, remained accessible on the dark web at the time of reporting. Apple is currently conducting a full investigation, but neither Apple nor Tesla has responded to requests for comment.
The Significance of Stolen Certificates
While the engineering drawings in the Tata Electronics cache pose a significant risk, the potential dangers associated with the stolen cryptographic certificates and key files may be even more severe. Digital certificates serve as machine-level proof of identity, distinguishing legitimate software updates from malicious ones. Security researchers emphasize that if an attacker possesses a valid code-signing certificate linked to a trusted manufacturer’s infrastructure, they could create signed malware—malicious software that security tools would recognize as authorized due to its trusted certificate.
Though the stolen certificates from Tata have not been confirmed as active signing credentials, the mere exposure creates an attack surface that goes beyond the implications of documentary leaks. While blueprints reveal what Apple and Tesla manufacture, a compromised certificate could jeopardize how those devices function. Tata Electronics has not disclosed which systems were accessed, which certificates were impacted, or whether Apple and Tesla were notified. India’s Computer Emergency Response Team (CERT-In), which mandates that enterprises report cyber incidents within six hours of detection, had not issued a public comment as of the latest updates.
Exposed Information: Apple’s iPhone Assembly Process
Among the materials related to Apple, researchers identified a 52-page document detailing quality inspection standards for iPhone circuit board components, complete with Apple’s proprietary footer. Additionally, 33 files and folders were indexed to “Hosur,” the Tamil Nadu city where Tata operates its primary iPhone assembly plant, a facility central to Apple’s strategy to diversify production away from China. The file listing reviewed by TechCrunch revealed directory names such as “com.apple.factorydata” and references to material specifications. A search for “Apple” within the dataset yielded 181 files and folders.
The authenticity of the leaked files has not been independently verified by Apple, Tata, or major news organizations that examined samples. However, researchers have described the documents as consistent with genuine supplier materials.
Exposed Information: Tesla’s Project Highland Drawings
On the Tesla front, the leaked cache includes a 2023 document labeled “TRADE SECRET,” containing engineering drawings for Project Highland, the internal codename for Tesla’s redesigned Model 3 sedan, which is already in production and available globally. Another folder is titled “NV36 Chargeport Controller – North America,” linked to components associated with an upgraded version of the Model Y. Assembly documents dated as recently as May 2025 were also found in the cache.
Even though the Model 3 redesign is already on the market, the exposure of manufacturing drawings can still be detrimental. These documents provide specific tolerances, assembly sequences, and component specifications that inform how future products are constructed. Competitors gaining access to such detailed information can obtain a technical advantage that generic competitive intelligence cannot replicate.
Understanding World Leaks and the Nature of the Attack
World Leaks operates differently from traditional ransomware groups. It does not encrypt victims’ files and demand payment for restoration. Instead, it is an extortion-only data theft operation: it steals files, publishes them, and demands payment to prevent further publication. The group rebranded from Hunters International, a successor to the Hive ransomware cartel dismantled by law enforcement in 2023. Group-IB, a threat intelligence firm, confirmed that the technical infrastructure and operational methods transitioned from Hunters International to World Leaks.
The distinction between extortion-only and traditional ransomware is crucial. In a conventional ransomware attack, the victim has a theoretical negotiation chip: payment yields a decryption key. In a World Leaks attack, the data is already public. Tata Electronics received a ransom demand, but no payment could recover the 204,341 files that had been accessible on the dark web for two weeks. Consequently, Apple and Tesla must now treat the exposed specifications as permanently public and adjust their strategies accordingly, including updating cryptographic credentials and auditing supplier access.
World Leaks has previously targeted high-profile entities, including Nike, which the group claimed to have breached in January 2026, resulting in the theft of 1.4 terabytes of files, and Dell, which confirmed a breach in July 2025.
A Pattern of Targeting Tata: The Broader Security Record
The breach at Tata Electronics is not the first instance of the Tata Group encountering sophisticated extortion actors. In August 2025, a cyberattack on Tata’s British Jaguar Land Rover subsidiary, executed by a group known as Scattered Lapsus Hunters, halted UK production for six weeks, incurring an estimated cost of $68 million per week. A separate attack on Tata Technologies led to the leak of 1.4 terabytes of employee and client data by Hunters International in March 2025.
Although the Tata Electronics incident did not disrupt operations, the repeated targeting of Tata Group subsidiaries by actors within the same criminal ecosystem raises critical questions for Apple and Tesla regarding the cybersecurity standards required of their Tier-1 suppliers and the auditing processes in place.
Supply Chain Security: A Structural Challenge
The Tata Electronics breach highlights a deeper architectural issue. Both Apple and Tesla invest billions in securing their own systems, and neither company’s networks appear to have been compromised in this incident. The breach occurred within the system through which these leading companies share confidential intellectual property with manufacturers.
This sharing is essential. A supplier responsible for assembling iPhones requires access to manufacturing specifications, component tolerances, and quality inspection standards to ensure consistency across millions of units. Once this data resides with the supplier, its security relies on the supplier’s defenses rather than those of Apple or Tesla. According to Verizon’s 2025 Data Breach Investigations Report, third-party involvement in confirmed data breaches doubled year-over-year to 30%, driven by weak access controls and poor visibility across supply chain partners. The Tata Electronics breach serves as a textbook example of these vulnerabilities.
Since its establishment in 2020, Tata Electronics has rapidly grown to over 75,000 employees and now handles approximately one-third of Apple’s iPhone production in India. Its swift rise—bolstered by the 2023 acquisitions of Wistron’s and 60% of Pegatron’s Indian operations, along with a 2024 semiconductor supply agreement with Tesla—has made it a strategically vital partner and a high-value target for cybercriminals.
Implications for Consumers
For consumers, the immediate concern revolves around whether personal data has been compromised. Reports indicate that no consumer account credentials, payment information, or personal user data were included in the Tata Electronics leak. The exposed materials primarily consist of supplier-side documents: manufacturing specifications, engineering drawings, quality documents, and internal operational records.
However, the indirect risks to consumers are significant. Detailed specifications for iPhone components could enable counterfeit manufacturers to produce knock-off parts that pass inspection. Similarly, engineering drawings revealing how Tesla vehicles are constructed could assist competitors in replicating those designs more efficiently. While these outcomes may not be immediate, they represent a measurable competitive disadvantage that could ultimately impact the quality and security of consumer products.
For the over 75,000 Tata Electronics employees whose personal records may have been compromised—particularly foreign nationals whose passport copies were included—the risks are more immediate. The combination of passport scans, internal emails, and event logs creates a precise targeting toolkit for phishing attacks and social engineering campaigns. Employees receiving internal communications regarding the breach should consider their contact information compromised and enable multi-factor authentication on all accounts.
Frequently Asked Questions
What exactly was stolen from Tata Electronics?
Security researchers have identified manufacturing documents and engineering drawings linked to Apple and Tesla, including a 52-page iPhone circuit board quality inspection document, Project Highland Tesla Model 3 engineering drawings marked “TRADE SECRET,” cryptographic certificates and key files, passport copies of employees (including foreign nationals), multi-year SAP event logs, and Outlook email correspondence. The total file cache amounts to 630.4 GB across 204,341 files. The authenticity of the complete dataset has not been independently verified.
Does this breach affect my iPhone or Tesla vehicle?
No consumer account credentials, payment information, or personal user data have been reported in the leaked files. The immediate risk pertains to Apple’s and Tesla’s intellectual property: manufacturing specifications that could be exploited by competitors or counterfeit suppliers. The potential technical risk involves the cryptographic certificates in the dump, which could be used to create malicious signed software if they remain active. Neither Apple nor Tesla has publicly confirmed whether any certificates have been revoked.
Why can’t Tata pay the ransom and have the data deleted?
World Leaks does not employ traditional ransomware encryption, meaning there is no decryption key to negotiate. The group has already published all 204,341 files, which have been accessible on the dark web since approximately June 10, 12 days before Tata publicly acknowledged the breach. Consequently, no payment can technically recover files already published to a dark web portal, reinforcing the advice from security experts that paying extortion-only groups yields no meaningful data recovery benefits.
What is the risk to Tata Electronics employees?
Employees whose passport copies, email addresses, and internal communications are included in the leaked data face heightened risks of targeted phishing attacks and identity fraud. Foreign nationals employed at Tata’s Indian facilities are particularly vulnerable. Affected employees should place fraud alerts on financial accounts, monitor for suspicious communications referencing internal company details, and enable multi-factor authentication across all accounts.
Source: www.techtimes.com


