Tata Electronics breach exposes 200,000 Apple, Tesla files

Key Takeaways

• World Leaks ransomware group claims to have leaked over 200,000 files from Tata Electronics, including Apple and Tesla design documents
• Tata confirms the incident but says operations remain unaffected; Apple is reportedly investigating
• Leaked files allegedly include iPhone circuit board inspection standards and Tesla Model 3 'trade secret' drawings

Tata Electronics confirmed a cybersecurity breach this week after ransomware group World Leaks posted what it claims are more than 200,000 files stolen from the Indian manufacturer. The data dump allegedly includes design specifications and component documents belonging to Apple and Tesla, both Tata customers.

Security researchers told Reuters the files, totaling over 630 gigabytes, have been accessible on the dark web since at least June 10. Tata acknowledged the incident but said its operations remain unaffected. Apple is reportedly investigating. Neither Apple nor Tesla responded to requests for comment.

What did World Leaks claim to steal?

The ransomware group's dark web listing shows folders labeled 'com.apple.factorydata' and documents marked 'material specification.' One file is a 52-page document bearing Apple's proprietary markings that allegedly details quality inspection standards for iPhone circuit board components.

Tesla-related files appear equally sensitive. A folder labeled 'NV36 Chargeport Controller - North America' purportedly references parts for an upgraded Model Y SUV. Another document from 2023, marked 'TRADE SECRET,' shows drawings for Project Highland, Tesla's internal codename for its revamped Model 3 sedan.

Indian cybersecurity researcher Rajshekhar Rajaharia, who reviewed the files for Reuters, said the dump also contains years of email logs, event records, and passport copies of employees including foreign nationals. A search for 'Apple' returned 181 files and folders; 'Tesla' returned manufacturing specifications and an assembly document dated May 2025.

How did Tata respond?

“A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.”

— Tata Electronics statement to Reuters

A source familiar with the matter told Reuters that Tata received a ransom demand related to the incident. The company declined to comment on that claim. Tata informed some employees at its Hosur iPhone assembly plant last week about the breach, according to a second industry source.

India's Computer Emergency Response Team, part of the IT ministry, did not respond to requests for comment.

Why this matters for Apple's India bet

Tata is emerging as one of Apple's most important manufacturing partners outside China. The company operates a major iPhone assembly plant in Hosur, Tamil Nadu, and the partnership is central to Prime Minister Narendra Modi's push to make India an electronics manufacturing hub. India now accounts for roughly 14% of global iPhone production, up from near zero in 2020.

This breach is the latest setback. Tata already faces scrutiny over alleged contamination of farmlands near one of its iPhone parts plants. And last year, a cyberattack on Tata's British Jaguar Land Rover group halted output for six weeks.

For Apple, which has spent years diversifying its supply chain away from China, the breach underscores a persistent problem: expanding to new geographies means onboarding partners with varying security maturity. World Leaks, the group claiming responsibility, previously took credit for a breach at Nike.

What's in the leaked files?

Reuters could not independently verify the authenticity of the data. But several files carry footers stating: 'This document contains proprietary and confidential information of Apple Inc.' and 'information contained herein is deemed confidential, proprietary, and a trade secret of Tesla Inc.'

The 33 files and folders tagged 'Hosur' suggest the breach targeted Tata's primary iPhone assembly operation. If authentic, the documents could provide competitors or bad actors with detailed insight into Apple's quality control processes and Tesla's component designs.

Security researcher Rakesh Krishnan, who also reviewed the data dump, confirmed to Reuters it has been accessible since at least June 10. The dark web site is beyond the reach of search engines, accessible only through specialized browsers.

The broader supply chain security problem

This breach fits a pattern. Supply chain attacks have become one of the most effective vectors for accessing data from major tech companies. Rather than attacking Apple or Tesla directly, threat actors target suppliers with weaker defenses. The payoff can be enormous: access to proprietary designs, manufacturing processes, and internal communications.

According to IBM's 2023 Cost of a Data Breach report, the average breach costs $4.45 million globally. Supply chain breaches typically run higher because they affect multiple parties and often involve sensitive intellectual property. The average time to identify and contain a breach involving stolen credentials: 303 days.

Frequently Asked Questions

What company was breached in the Tata Electronics cyber incident?

Tata Electronics, an Indian manufacturing partner for Apple and Tesla, confirmed the cybersecurity incident. The ransomware group World Leaks claims to have stolen over 200,000 files.

What Apple data was allegedly leaked in the Tata breach?

The leaked files reportedly include iPhone circuit board inspection standards, design specifications, and folders labeled 'com.apple.factorydata.' Some documents carry Apple proprietary markings.

Did Tata Electronics pay the ransom?

Tata has not confirmed or denied receiving a ransom demand, though a source told Reuters one was made. The company declined to comment on any ransom-related questions.

Are Tata Electronics operations affected by the breach?

Tata says its operations remain unaffected across all businesses. The company deployed response protocols immediately after detecting the incident.

What is World Leaks?

World Leaks is a ransomware group that has previously claimed responsibility for breaches at other companies including Nike. It publishes stolen data on dark web sites.

Source: Tech-Economic Times / ET