The ransomware group has dumped over 204,000 files on the dark web. Some carry Apple’s own confidentiality footers. Others are marked Tesla trade secrets. And Tata Electronics – which builds a third of Apple’s iPhones in India has confirmed the breach Monday while saying almost nothing about what was actually taken.
Tata Electronics builds a lot of things. iPhones, for one, roughly a third of Apple’s India production runs through its facilities. Parts for Tesla, Semiconductors for a customer list that includes ASML, Intel, and Qualcomm. The company employs more than 75,000 people across India and has spent the last few years turning itself into one of the more consequential names in global electronics manufacturing.
On Monday, it confirmed that it suffered a data breach.
A ransomware group called World Leaks posted what it claims is data stolen from Tata Electronics, dumped on a dark web site accessible only through Tor. The listing describes 204,300 files totaling more than 630 gigabytes. Cybersecurity researchers who reviewed the data emails, SAP records, event logs going back years, and documents with footers reading “This document contains proprietary and confidential information of Apple Inc.” Other files carried Tesla’s own trade secret markings.
Tata’s statement in response was about as minimal as a company can get while still technically confirming something happened: “A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.”
That’s it. No details on what data was compromised, which customers were affected, or whether Apple, Tesla, or anyone else had been formally notified. Asked specifically about the ransom demand, the company declined to comment. Apple and Tesla didn’t respond to requests for comments from the press.
What’s in the leak
Cybersecurity researcher Rajshekhar Rajaharia reviewed the Tata files on behalf of Reuters. He found Outlook email conversations, SAP-related records, event logs spanning several years, and passport copies of employees – including foreign nationals. He shared a screen recording of his review. A search for “Apple” returned 181 files and folders. A search for “Tesla” returned manufacturing specifications and an assembly document dated May 2025.
A second researcher, Rakesh Krishnan, told Reuters the data had been available on the dark web since at least June 10, meaning it sat there for nearly two weeks before Tata’s public confirmation.
Some of what’s in the dump is harder to dismiss as ambiguous. A 52-page document bearing Apple’s proprietary markings appears to detail quality inspection standards for iPhone circuit board components. Folders labeled “com.apple.factorydata” and files referencing “material specification” show up in the database. There are 33 files and folders associated with the search term “Hosur” – that’s the location of Tata’s main iPhone assembly plant in Tamil Nadu.
On the Tesla side, one folder is labeled “NV36 Chargeport Controller – North America,” a purported reference to parts used in an upgraded version of the Model Y SUV. A 2023 document stamped “TRADE SECRET” contains drawings for Project Highland — Tesla’s internal codename for the redesigned Model 3 sedan, a project that’s been publicly known but whose underlying specifications very much aren’t.
Researchers could not verify the authenticity of the data. Neither could anyone on the internet. World Leaks hasn’t responded to press inquiries, and dark web data dumps are inherently difficult to independently confirm. But the footers are specific, the folder names are specific and the volume of material is substantial enough that Apple has reportedly already begun a “full analysis” of what happened, per a Reuters source familiar with the matter.
How Tata got here
Tata Electronics is a relatively young company which was founded in 2020. It entered iPhone manufacturing in 2023 by acquiring the India operations of Wistron, a Taiwanese contract manufacturer that had been making iPhones for years. The following year it picked up a 60% stake in the Indian unit of Pegatron, another major Apple assembly partner. Add those together and Tata now handles about a third of Apple’s iPhone output in India, with Foxconn covering most of the rest.
The Tesla relationship came through a 2024 semiconductor supply deal, which made Tata one of very few Indian companies with manufacturing agreements touching both Apple and Tesla simultaneously.
That expansion wasn’t a sudden one. It’s been encouraged at the highest levels of Indian politics. Prime Minister Narendra Modi has made electronics manufacturing a national priority, and Tata’s growth in this space is one of the more concrete results of that push. The bet is that India can become a credible alternative to China for global tech supply chains. The breach doesn’t help that argument, at least not in the short term.
It also isn’t Tata’s first serious security incident. Last year, a cyberattack on its Jaguar Land Rover operations in Britain brought production to a halt for six weeks. A ransomware event stopping car manufacturing is one thing. A breach that may have put Apple’s circuit board specs and Tesla’s design documents on the dark web is a different category of exposure – for Tata, for its customers, and arguably for India’s pitch to global manufacturers.
What we don’t know
Tata informed some employees at its iPhone assembly operations about the breach last week, according to a Reuters source. It’s unclear whether that notification extended to Apple or Tesla at the same time, or before.
India’s Computer Emergency Response Team – the government body that oversees cyber incidents – hadn’t responded to Reuters’ questions as of Monday evening.
World Leaks previously claimed responsibility for a breach at Nike. The group’s Tor site lists Tata Electronics as a current target, and the 630GB listing is live. The data has reportedly been accessible since June 10.
What we know for certain: Tata confirmed the incident. A ransom demand was made. Apple is investigating. The files are out there.
What remains unclear: whether the data is genuine, how deep the exposure goes, and how much of what’s in that 630GB dump was meant to stay behind Tata’s firewalls indefinitely.
This post first appeared at - The CyberSec Guru