Tata Hack Leaks 200K+ Apple/Tesla Files; 630 GB Exposed on Dark Web
Key Takeaways
- Ransomware group World Leaks breached Tata Electronics, exposing over 200,000 files containing Apple and Tesla trade secrets.
- The 630 GB data dump includes proprietary design documents and employee passports, highlighting critical supply chain cyber risks.
- This incident underscores the urgent need for OT security and dark web monitoring.
Mentioned
Key Intelligence
Key Facts
- 1Over 200,000 files totaling approximately 630 GB were leaked onto the dark web by the 'World Leaks' ransomware group.
- 2Leaked Apple documents included 'com.apple.factorydata' folders, material specifications, and a 52-page quality inspection document for iPhone circuit board components from Tata's Hosur plant.
- 3Tesla documents marked 'TRADE SECRET' were exposed, covering Project Highland (redesigned Model 3) and an 'NV36 Chargeport Controller' potentially tied to an upgraded Model Y.
- 4Security researchers confirmed the data has been accessible on the dark web since at least June 10, 2026, though Tata detected the incident several weeks prior.
- 5Tata Electronics accounts for roughly one-third of iPhone production in India, making it a critical Apple supplier outside China.
- 6In addition to corporate intellectual property, the leaked archive contained employee emails, system logs, and copies of employee passports, posing personal privacy risks.
Includes Apple/Tesla trade secrets, factory data, and employee passports
A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.
Statement provided to Reuters on June 23, 2026
Analysis
For cybersecurity practitioners, the Tata Electronics breach is a textbook example of supply chain compromise with devastating consequences. A single contractor's vulnerability opened the door to trade secrets of two tech giants — Apple and Tesla — and exposed detailed manufacturing data from factory floor to design blueprint. The fact that data remained available on the dark web for weeks after detection exposes gaps in incident response and takedown coordination, while the diversity of exfiltrated data (OT documents, HR records) signals an advanced lateral movement technique.
The cybersecurity incident at Tata Electronics represents a severe escalation in supply chain attacks against the global electronics manufacturing ecosystem. A ransomware group calling itself World Leaks breached the Indian conglomerate's systems and published over 200,000 files — approximately 630 gigabytes — on the dark web. The data allegedly contains trade secrets from two of the world's most valuable companies: Apple and Tesla. The breach exposes not only the fragility of manufacturing OT/IT perimeters but also the profound cascading risk that a single contractor can pose to multiple multinational corporations.
A ransomware group calling itself World Leaks breached the Indian conglomerate's systems and published over 200,000 files — approximately 630 gigabytes — on the dark web.
Tata Electronics has rapidly grown into one of Apple's most critical manufacturing partners outside China, assembling roughly one-third of iPhones produced in India. It also supplies Tesla with components, as evidenced by leaked drawings marked 'TRADE SECRET' for Project Highland — the internal codename for the redesigned Model 3 — and documents referencing an 'NV36 Chargeport Controller,' likely tied to an upgraded Model Y. The leaked Apple files include material specifications, proprietary 'com.apple.factorydata' folders, and a 52-page quality inspection document for iPhone circuit board components, directly from Tata's Hosur plant in Tamil Nadu. This level of detail provides competitors and malicious actors with an intimate view of Apple's tightly guarded manufacturing processes.
The incident highlights a growing trend: nation-state and cybercriminal groups are increasingly targeting suppliers rather than the headquarters of major brands, exploiting weaker defenses in the supply chain. For Apple, which has been diversifying production away from China due to geopolitical tensions, the breach is a setback, casting doubt on the security maturity of its Indian manufacturing base. The fact that the data has been accessible since at least June 10, 2026 — nearly two weeks before public disclosure — raises concerns about detection and disclosure delays. Tata Electronics stated it detected the incident 'a few weeks ago' and immediately activated response protocols, yet the data remained online, indicating either a slow takedown process or a lack of threat intelligence coordination.
World Leaks has not been previously profiled in major threat intelligence feeds, making this a potential debut or rebranding of an existing ransomware operation. The group's decision to leak the data rather than merely encrypt it for extortion suggests an intrusion focused on exfiltration and public pressure. Ransom demands were reportedly made, but no payment details have emerged. The inclusion of employee emails, system logs, and even passport copies points to broad lateral movement within Tata’s network. This indicates that the attackers likely compromised both operational technology (OT) environments — accessing factory floor documents — and IT systems holding HR data. Such dual compromise is a nightmare scenario for manufacturing cybersecurity.
What to Watch
From a regulatory standpoint, the passport data leak triggers privacy obligations under Indian data protection regulations and, potentially, European GDPR if EU residents were affected. Apple’s own investigation, while still underway, will need to assess whether any of its proprietary code or unreleased product specifications were stolen, which could impact product roadmaps. While Tata insists operations remain unaffected, the reputational damage and potential contractual penalties from Apple and Tesla could be substantial. For Tesla, the exposure of Project Highland trade secrets adds to a history of supply chain leaks, with previous incidents involving Chinese supplier Naura and Cybertruck specifications.
The broader market impact may be delayed, but the incident reinforces the urgent need for enhanced third-party risk management, zero-trust architectures in OT environments, and real-time dark web monitoring. The Indian government's push to become a global electronics hub now faces a critical cybersecurity test. Without mandatory breach notification timelines and stronger supply chain cybersecurity standards, similar incidents could undermine foreign investment. As manufacturing shifts to new geographies, the attack surface grows, and intelligence-led defense must evolve accordingly.
Timeline
Timeline
Intrusion Detected
Tata Electronics identifies a cybersecurity incident on its systems and immediately activates response protocols.
Data Published on Dark Web
Ransomware group World Leaks posts over 200,000 files (630 GB) to its dark web site, including Apple and Tesla documents. Data remains accessible for weeks.
Public Disclosure
Tata Electronics confirms the breach to the public, stating operations remain unaffected. Apple is reported to be investigating; ransom demand mentioned.
Sources
Sources
Based on 2 source articles- macdailynews.comTata Electronics confirms cyber breach : ransomware group leaks alleged Apple and Tesla trade secretsJun 23, 2026
- benzinga.comApple , Tesla Documents Allegedly Leaked After Tata Electronics Cyberattack As Ransomware Group PublishesJun 23, 2026
From the Network
Tata breach puts 33% iPhone capacity and Tesla Model Y secrets at risk
A cyberattack on Tata Electronics, a linchpin of Indian manufacturing for Apple and Tesla, exposes the fragility of global supply chain security. With 200,000 files leaked—including Tesla’s Model Y ch
Legal200K+ Files Expose iPhone 18 Pro Trade Secrets: Legal Fallout for Apple and Tata
The ransomware attack on Tata Electronics has laid bare Apple’s most sensitive supply‑chain data, triggering potential trade secret litigation, contract disputes, and compliance headaches under Indian
How we covered this story
Every story in our cybersecurity coverage is assembled from multiple primary sources, cross-referenced for factual consistency, and scored along three independent dimensions: sentiment, operational impact, and source-cluster confidence. Single-source rumors and unverifiable claims do not pass our editorial gate. When a story shows "Verified by N sources" with N≥2, the development is independently corroborated; when N=1, we mark it explicitly so readers can weigh the signal accordingly.
Impact scoring uses a 1-10 scale weighted toward regulatory, financial, and operational consequence rather than coverage volume. A topic that runs in every outlet but moves no real decisions ranks lower than a niche regulatory filing that reshapes how operators in the cybersecurity space have to behave. Read our full methodology for the scoring rubric, our glossary for term definitions, and our trends index for the longitudinal view across the beat.
| Signal on this page | What it tells you |
|---|---|
| Verified by N sources | Independent corroboration count. N≥2 is our confidence floor; N=1 is marked explicitly. |
| Impact score (1-10) | Regulatory + financial + operational weight. 8+ signals an experienced-operator action item. |
| Sentiment | Five-tier classification trained on labeled cybersecurity-specific corpora. |
| Timeline | Where applicable, the related-events sequence that contextualizes today's development. |