Ishan Crawford Tata Electronics confirmed the cyberattack, telling BleepingComputer that its operations across businesses remain unaffected. The disclosure came after Reuters reported that documents tied to the company were available on the dark web from at least June 10.
A trove of files allegedly tied to Apple and Tesla manufacturing has since surfaced on the dark web. The extortion group World Leaks posted 204,341 files weighing roughly 630.4 gigabytes and is demanding payment. Apple and Tesla have not publicly commented on the leak, and Tata Electronics declined to say whether it is negotiating with the attackers.
What Tata Confirmed, and What It Did Not Say
In a statement, a Tata Electronics spokesperson put the focus on what had not been disrupted.
A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.
The statement did not name the systems affected, did not identify the attacker, and did not say whether any data was taken. It also did not address the World Leaks leak site, where files claiming to come from Tata had already been published by the time the spokesperson spoke. Cybernews reported the leak first appeared on World Leaks’ extortion site on June 12. Tata’s confirmation came on Monday, June 22.
204,341 Files and 630.4 Gigabytes, Now Public
Cybernews reviewed the file listing that World Leaks posted and counted 204,341 files weighing roughly 630.4 gigabytes. The cache reportedly contains a mix of internal component schematics, PCB designs, material specifications, SDK files, full passport scans of employees including foreign nationals, and documents marked “TRADE SECRET.”
The leaked folders include one labeled “com.apple.factorydata.” Researchers identified hundreds of references to Apple and Tesla inside the listing, alongside folders named Equipment Data, IATF Audit Documents, Maintenance Engineer reports, and Standard Operating Procedure spreadsheets covering machine setup, inspection, and manufacturing processes. One 52-page document carries Apple’s proprietary markings and purportedly details quality inspection standards for iPhone circuit board components, MacRumors reported. A source familiar with the matter told Reuters a “full analysis was going on” at Apple.
The leaked material also includes employee emails, cryptographic certificates, key files, and event logs spanning several years. Researchers said some of the documents are dated as late as May 2026, putting the intrusion within weeks of the public leak even as Tata’s statement put the original incident “a few weeks ago.”
Tata Electronics is also currently facing a health probe over alleged contamination of farmlands near one of its iPhone parts plants, MacRumors reported. The company has not said when more details on the cyber incident will be released.
- 204,341 files allegedly stolen from Tata Electronics, per Cybernews review
- 630.4 gigabytes in total, per the World Leaks post
- June 10 as the earliest date researchers saw the files on the dark web
- June 12 when World Leaks posted Tata to its extortion site
- Roughly a third of Apple’s iPhone production in India runs through Tata Electronics, with Foxconn making up the rest
The Stake That Was Never Tata’s to Lose
Tata Electronics has become one of Apple’s most important manufacturing partners outside China. The company currently accounts for roughly a third of Apple’s iPhone production in India, with Foxconn making up the rest, according to Reuters. Tata supplies Apple with iPhone back panels, metallic enclosures, circuit board parts, and fully assembled devices.
Tata also became an official Tesla supplier in 2025. The Indian group supplies Tesla with semiconductor chips, circuit board assemblies for battery management systems, vehicle motor controller units, and door-control mechanisms. The leaked files include at least one document marked “TRADE SECRET” with drawings tied to Project Highland, Tesla’s internal codename for its revamped Model 3 sedan.
Apple and Tesla may have strong defenses of their own, but once critical designs and manufacturing data are handed to another company, their security depends on controls they do not directly manage.
The quote is from Michael Centrella, head of public policy at SecurityScorecard, in comments to Cybernews. Centrella’s argument is that outsourcing production extends a brand’s security perimeter to a supplier it does not directly manage. Cybernews also found references to Pegatron, Foxconn, and Qualcomm inside the leaked file listing, though there is no evidence those companies were compromised.
| Customer | Tata Electronics role | What the leak allegedly contains |
|---|---|---|
| Apple | Back panels, metallic enclosures, circuit board parts, fully assembled iPhones (roughly a third of India production) | Folders named “com.apple.factorydata,” a 52-page quality inspection document with Apple’s proprietary markings, PCB designs, SDK files |
| Tesla | Semiconductor chips, circuit board assemblies for battery management systems, vehicle motor controller units, door-control mechanisms (since 2025) | A document marked “TRADE SECRET” with drawings linked to Project Highland, the revamped Model 3 |
World Leaks, the Rebrand That Skipped Encryption
Tata Electronics has not named the threat actor. The World Leaks extortion group posted Tata to its leak site on June 12 and is using the publication of the files as leverage. World Leaks emerged in January 2025 and is widely considered a rebrand of Hunters International, a ransomware cartel that wound down its file-encrypting operations in July 2025. A profile of the group’s operations and rebrand history lays out the connection.
Hunters International and World Leaks run on different playbooks. Hunters International sometimes encrypted victims’ environments alongside stealing files, while World Leaks skips encryption and focuses purely on data theft and the threat of public release. The shift tracks a broader pattern in the ransomware economy, where pure extortion has become a viable alternative to encrypt-and-extort.
Other World Leaks victims include computer maker Dell, which confirmed a breach in July 2025, and sportswear giant Nike, which launched an investigation after a claimed theft of 1.4 TB of files in January 2026. The group’s biggest claimed attack of 2026 was Nike, according to Cybernews.
Tata Group Has Been Hit Three Times Since Last Spring
The Tata Electronics breach is the third major cyber incident involving a Tata Group subsidiary in roughly a year. The first hit Tata Consultancy Services, the group’s IT services arm. TCS was identified as the third-party vendor whose employees were compromised in a Scattered Spider ransomware group social engineering attack last spring. That compromise led to a months-long breach of British retailer Marks & Spencer, costing the company $400 million in lost revenue. Marks & Spencer later fired TCS as its IT help desk vendor.
The second incident hit Tata Motors, parent of Jaguar Land Rover. A Scattered Lapsus Hunters hacker collective attack forced a complete standstill at JLR’s UK production facilities last August. The six-week shutdown cost JLR an estimated $68 million per week, according to Cybernews.
The Tata Electronics breach is the third. The previous two produced public production halts. This one has not yet, with Tata Electronics telling BleepingComputer that operations remain unaffected. The exposure sits with the customers whose manufacturing files lived inside Tata’s systems.
- Spring 2025: Tata Consultancy Services compromised via Scattered Spider ransomware group social engineering; leads to months-long Marks & Spencer breach and $400 million in lost revenue.
- August 2025: Jaguar Land Rover production hit by Scattered Lapsus Hunters hacker collective; six-week UK shutdown, $68 million per week.
- June 2026: Tata Electronics confirms cybersecurity incident; World Leaks publishes 204,341 files alleging exposure of Apple and Tesla manufacturing data.
Frequently Asked Questions
Who is behind the Tata Electronics cyberattack?
Tata Electronics has not named the attacker. The extortion group World Leaks posted what it claims is Tata’s data on June 12 and is demanding payment. World Leaks is widely considered a rebrand of Hunters International, which wound down its encryption operations in July 2025.
Was Apple’s data leaked?
The leaked file listing includes folders named “com.apple.factorydata” and a 52-page document with Apple’s proprietary markings that allegedly details quality inspection standards for iPhone circuit board components. Apple has not publicly commented on the leak.
Are Tata Electronics factories still running?
Yes. Tata Electronics told BleepingComputer that the incident has had no impact on its operations across businesses, which remain unaffected. The company did not specify which systems were touched or whether any data was taken.
What is World Leaks?
World Leaks is a data extortion group that emerged in January 2025, widely considered a rebrand of Hunters International. Its other claimed victims include Dell, with a confirmed breach in July 2025, and Nike, with a claimed 1.4 TB theft in January 2026.
Is Tata Electronics the only Tata Group company recently hit?
No. Tata Consultancy Services was compromised via Scattered Spider last spring, contributing to a breach at Marks & Spencer that cost the retailer $400 million in lost revenue. Jaguar Land Rover, owned by Tata Motors, was forced into a six-week UK production shutdown last August by a Scattered Lapsus Hunters attack estimated at $68 million per week.
Indian Man Jailed 6 Months for Molesting a Singapore Airlines Crew 
Meesho Shares Jump 7% as Citi Initiates Coverage With ₹210 Target 
Info Edge’s Startup Portfolio Hits Rs 41,300 Crore at 8.4x Multiple 
Tata Motors’ FY31 Plan: Rs 40,000 Crore, 15 ICE Models and 10 EVs 
19-Year-Old Self-Taught AI Entrepreneur Earns Rs 1 Crore a Month 
RBI Frees FCNR-B Rules, Letting Banks Lend Against NRI Deposits