Tata Electronics Confirms Data Breach — Apple & Tesla Trade Secrets Dumped on Dark Web by World Leaks Ransomware Gang

The World Leaks ransomware group has published more than 200,000 files allegedly stolen from India's Tata Electronics, one of Apple's most important iPhone manufacturing partners and a supplier to Tesla — putting confidential schematics, engineering documents, and employee passport scans in public view.

On June 22, 2026, Tata Electronics quietly confirmed what cybersecurity researchers had already begun to unpack — a serious breach of its systems that put some of the most guarded manufacturing secrets of Apple and Tesla within reach of anyone browsing the dark web. The disclosure came only after the World Leaks ransomware group posted an enormous trove of alleged company data online, forcing the Indian manufacturing giant's hand.

The incident is not just another corporate breach footnote. Tata Electronics has, over the last few years, positioned itself as the backbone of India's iPhone manufacturing ambitions — making this exposure a direct concern for Apple's supply chain strategy, India's tech industry credibility, and the millions of people whose employer records may now be circulating on hacker forums.

What Exactly Was Leaked?

The World Leaks post on its dark web site claimed 204,341 files — 630.4 GB in total — stolen from Tata Electronics. Cybersecurity researchers who reviewed a sample of the material described what they found in striking terms: this is not generic internal data. It goes deep into the proprietary operations of two of the world's most valuable companies.

Among the documents: a 52-page file bearing Apple's own proprietary markings, reportedly laying out quality inspection standards for iPhone circuit board components. Files returned by a search for "Hosur" — the Tamil Nadu city where Tata runs its main iPhone assembly plant — numbered 33 folders. A search for "Apple" surfaced 181 files and folders; a search for "Tesla" returned manufacturing specifications and an assembly document dated May 2025.

Some files carried footers that left little room for ambiguity. Apple's read: "This document contains proprietary and confidential information of Apple Inc." Tesla's stated the content was "deemed confidential, proprietary, and a trade secret of Tesla Inc."

The dump also reportedly includes passport copies of employees — including foreign nationals — internal emails, event logs spanning multiple years, and supplier-facing material standards. In short: operational and personal data in one package, exactly what makes these breaches so damaging to remediate.

Tata Electronics: What the Company Said

"A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected." — Tata Electronics statement to Reuters, June 22, 2026

The phrasing is measured, as official statements tend to be after a breach. Tata confirmed the incident happened. It declined to answer questions about what data was actually exposed, how many employees or clients were affected, or whether Apple and Tesla had been notified. That communication gap is significant — when a supplier's breach may have exposed your product blueprints, you need to know, and you need to know quickly.

Reuters reported separately that Tata had already told some employees at its iPhone assembly operations about the breach the previous week — suggesting internal notification moved faster than the public statement.

Who Is World Leaks — and Why Should You Care?

World Leaks is a ransomware operation that emerged in early 2025. Cybersecurity researchers widely believe it is a rebrand of Hunter's International, a notable ransomware cartel, operating under a new name after attracting too much attention. The group's biggest 2026 target before Tata was Nike, whose breach it also claimed earlier this year.

The tactic here is textbook ransomware extortion: steal data, issue a ransom demand, and if the victim refuses to pay (or stalls), publish the data on a dark web leak site. It puts companies in an impossible position — paying funds criminal operations; not paying means watching sensitive intellectual property circulate freely among competitors, nation-state actors, or whoever decides to download it.

Tata has confirmed it received a ransom demand. What it has not confirmed is whether any payment discussions are ongoing, or whether the breach and the publication of the files are related to a breakdown in those discussions.

Why Tata Electronics Is Such a Significant Target

Founded in 2020, Tata Electronics has grown fast — from a standing start to one of Apple's most important manufacturing partners outside China in just a few years. The company entered iPhone manufacturing in 2023 by acquiring the Indian operations of Wistron, a longtime Apple contractor. It later picked up a 60% stake in the Indian unit of Pegatron, another major Apple manufacturer. Today Tata accounts for roughly one-third of Apple's iPhone production in India, with Foxconn handling the rest.

The Tesla relationship is newer. Tata Electronics became an official Tesla supplier in 2025, providing semiconductor chips, circuit board assemblies for battery management systems, vehicle motor controller units, and door-control mechanisms.

That combination — deep inside both Apple's iPhone supply chain and Tesla's vehicle manufacturing ecosystem — makes Tata Electronics an exceptionally high-value target. Whoever steals its data is not walking away with generic supplier records. They have proprietary production standards for two of the most closely guarded product lines in consumer technology and automotive engineering.

A Pattern of Attacks Hitting Tata Group

This is not an isolated incident for the broader Tata Group. The conglomerate's subsidiaries have faced repeated and costly cyberattacks, and the pattern is becoming difficult to overlook.

Last year, Tata Motors' Jaguar Land Rover unit suffered a complete production shutdown at its UK facilities — a six-week halt attributed to a cyberattack by the Scattered Lapsus Hunters hacker collective. The financial toll was reported at approximately $68 million per week. Around the same period, Tata Consultancy Services was identified as the third-party IT vendor whose staff were compromised in a Scattered Spider social engineering attack tied to the breach of UK retailer Marks & Spencer, which eventually cost the retailer $400 million in lost revenue. TCS was subsequently dismissed as M&S's IT help desk vendor.

Three major incidents across Tata Group companies in roughly twelve months. At some point, the question shifts from "how did this happen?" to "what is the group-wide security posture, and who is responsible for it?"

What This Means for Apple's India Strategy

For Apple, the timing is awkward. The company has spent years and considerable political capital building India as its primary manufacturing alternative to China, with the Indian government enthusiastically backing the effort as a cornerstone of the "Make in India" initiative. Tata is the centrepiece of that plan.

The breach adds fresh pressure to a relationship already under scrutiny. Tata Electronics also faces separate regulatory concerns around alleged contamination of farmland near one of its iPhone component plants in India. That issue, combined with a major cybersecurity incident exposing proprietary Apple manufacturing data, gives Apple's procurement teams more than enough to think about.

Apple said it is investigating. What form that investigation takes — and whether it leads to any changes in how Tata handles Apple's confidential data — will be watched closely across the industry.

The Broader Lesson: Supply Chain Cybersecurity Is Now the Frontline

The Tata Electronics breach is a clean illustration of a shift in how sophisticated ransomware groups operate. Rather than targeting the best-defended companies directly — Apple and Tesla both have world-class security teams — attackers go through the supply chain. They find the manufacturing partner, the logistics vendor, the IT services provider. Someone who holds sensitive client data but may not be subject to the same security scrutiny as the client itself.

Apple, Tesla, and every other major technology company that outsources manufacturing needs to treat its supplier network as an extension of its own security perimeter. That means audits, contractual requirements, shared incident response protocols, and the ability to verify — not just trust — that partner organisations are handling proprietary data responsibly.

The 630GB now sitting on a dark web leak site suggests the gap between "assumed secure" and "actually secure" can be very large indeed.