204,341 Files, 630 GB: Inside the Tata Electronics Breach That Exposed iPhone 18 Pro Secrets

New Delhi: Somewhere in Tamil Nadu, on June 12, a ransomware crew posted a message nobody in Cupertino or Chennai wanted to see. World Leaks said they had 204,341 files — 630.4 gigabytes. The files came from Tata Electronics. That’s the company building one out of every three iPhones made in India. Also supplies parts to Tesla. World Leaks followed through. The data went public.
Search “Apple” inside the dump, you get 181 files and folders. Some carried the footer: “This document contains proprietary and confidential information of Apple Inc.” Search “Tesla,” you get engineering drawings stamped “TRADE SECRET.” In between: passport scans of foreign nationals, internal emails spanning years, cryptographic certificates, and a 52-page document with Apple’s quality inspection standards for iPhone circuit boards.
Tata Electronics confirmed the breach on June 22. “We identified a cybersecurity incident on some of our systems,” a spokesperson told Reuters. “Operations across businesses remain unaffected.”
Operations unaffected. Systems restored. Business as usual.
Except Apple’s manufacturing specs are on the dark web now. Tesla’s engineering drawings are getting passed around hacker forums. The passport copies of people who just showed up to work at a factory in Tamil Nadu are part of a 630 GB extortion package any Tor browser can open.
What World Leaks Took
This wasn’t a random grab. It was a precise collection of the most sensitive data a contract manufacturer holds.
On the Apple side, researchers found folders labelled “com.apple.factorydata,” documents called “material specification,” and that 52-page circuit board quality manual. Apple doesn’t publish how it inspects iPhone circuit boards. It doesn’t publish which supplier makes which component. It doesn’t publish the tolerances it demands.
The leak changes that. At least six files in the dump map hundreds of parts in the upcoming iPhone 18 Pro to the specific companies supplying them. Main board chips. Battery parts. Camera modules. Apple considers this commercially sensitive, a source familiar told Reuters. The documents show where Apple draws a part from multiple suppliers — that’s leverage. Where it relies on just one or two — that’s vulnerability.
Among the iPhone 18 Pro files: photographs of handsets getting drop-tested at a Tata plant, dated early 2026. Grey slab, three-rear-camera setup, Apple logo. The source said these are iPhone 18 Pro models. Launch is September.
On the Tesla side, a folder marked “NV36 Chargeport Controller — North America” with parts for an upgraded Model Y. Another document stamped “TRADE SECRET” with drawings for Project Highland — Tesla’s codename for the revamped Model 3. Some files carried Tesla’s own confidential markings.
Then there’s the operational stuff. Event logs going back years. Internal emails. SAP data. Standard Operating Procedure spreadsheets — machine setup, inspection, manufacturing processes. A folder called “War Room documents.” Energy bills. Factory licences.
And the cryptographic certificates. This is the dangerous one. These aren’t historical artefacts. If any are still active, an attacker could impersonate Tata’s systems or maintain access long after the breach was supposedly contained.
Who World Leaks Is
World Leaks started in early 2025. Researchers think it’s a rebrand of Hunters International, a ransomware cartel that shut down in July 2025. Unlike traditional ransomware gangs that encrypt files and ask for payment to unlock them, World Leaks does a pure “hack-and-leak” model. Steal the data, threaten to publish, demand payment.
Previous victims: Dell (July 2025, 1.3 TB claimed) and Nike (January 2026, 1.4 TB claimed). Same pattern every time. Silent infiltration. Extended exfiltration. Public leak site. Ransom demand.
Tata Electronics reportedly received a ransom demand too. Amount and negotiation status — undisclosed.
What makes World Leaks dangerous for manufacturers is the silence. They don’t trigger ransomware alerts because they don’t deploy encryption. They copy data quietly over weeks or months, using authenticated sessions that look like normal file access. Rajshekhar Rajaharia, an Indian cybersecurity researcher who reviewed the Tata files for Reuters, said the dataset includes event logs spanning several years. The data posted June 12 was already packaged. The access itself almost certainly started months before that.
The attacker was inside long enough to map the file system, find the most valuable data, and exfiltrate 630 GB without triggering an alert.
iPhone 18 Pro: What Got Exposed
The most commercially damaging part of this breach is the iPhone 18 Pro data.
Reuters reviewed documents showing the leak includes detailed supplier mapping for the upcoming model. Who makes the main logic board chips. Who supplies the battery modules. Who supplies the camera components. Apple guards this intelligence ferociously. Its public supplier database only lists aggregate figures by region, not part-by-part breakdowns.
The documents also show Apple’s dual-source and single-source strategies. Where Apple has qualified multiple suppliers for a component, it can negotiate on price and delivery. Where it relies on a single supplier — vulnerability. The leak hands rival phone makers and counterfeiters a map of exactly where Apple is exposed.
The drop-test photographs add another layer. iPhone 18 Pro units photographed in a Tata factory months before launch. For a company that once planted fake prototypes in bars to mislead leakers, having actual pre-production units photographed in a supplier’s facility is a security failure of the first order.
Apple is investigating. Tata has restricted internal access and hired a global consulting firm for a forensic audit. But the damage is done. The documents are on the dark web. You can’t un-leak them.
Tesla and the Rest
Tesla’s exposure is less extensive than Apple’s, but more sensitive in some ways.
The Tesla documents include engineering drawings marked “TRADE SECRET” — a legal classification with specific protection under US law. The Project Highland drawings and the Model Y charge-port controller specs are designs Tesla never published. They describe not just what a part does, but how it’s manufactured, the tolerances, the materials, the assembly sequence.
Tesla has been battling counterfeit parts and after-market modifications. Having authentic engineering drawings in the public domain creates a new problem. How do you prove a part is counterfeit when the genuine blueprint is available to everyone?
Other clients named in the file listing include TSMC and Qualcomm, both chip suppliers to Apple. No evidence those companies were directly breached, but their commercial relationships with Tata — and the specs Tata held on their behalf — are now exposed.
Tata’s Growing Cyber Problem
This isn’t Tata’s first ransomware incident. It’s not even the second.
September 2025: Jaguar Land Rover, owned by Tata Motors, got hit by ransomware that shut down UK production for six weeks. Estimated cost: $68 million per week. Attributed to the same Scattered Spider-linked hacker collective that later hit other Tata entities.
2024: Tata Consultancy Services was identified as the third-party IT vendor whose employee credentials got compromised in the Scattered Spider attack on British retailer Marks & Spencer. That breach cost M&S an estimated $400 million in lost revenue. TCS was fired as the retailer’s IT help desk vendor.
Two major Tata entities. Three significant cyber incidents in under two years. One pattern.
The question Tata’s board and its global clients are asking: does cybersecurity at the group level match the speed of manufacturing expansion? Tata Electronics was founded in 2020. It went from zero iPhone production to one-third of Apple’s India output in three years. It employs over 75,000 people across multiple facilities. Security infrastructure rarely scales at that velocity.
What This Means for India’s Manufacturing Push
The breach lands at a sensitive moment.
India is on track to make 26% of the world’s iPhones in 2026, up from 6% four years ago, according to Counterpoint Research. The production-linked incentive scheme has drawn global manufacturers to India. Apple’s shift beyond China is one of the flagship successes of that policy.
But trust is fragile. Apple guards its supply chain like a state secret. The company has a dedicated team tracking leaks and supplier indiscretions. Having 630 GB of manufacturing data dumped on the dark web — including unreleased product details — tests the goodwill underpinning Apple’s relationship with Tata.
Paolo Pescatore, founder of PP Foresight, put it bluntly: “A breach of this nature is not usually a smash-and-grab exercise. To access this volume and type of data, attackers typically need a foothold inside the organisation, compromised credentials, weak access controls, or the ability to move across internal systems undetected.”
The breach won’t derail Apple’s India strategy. The economics of moving beyond China are too strong. But it will sharpen scrutiny on every Indian contract manufacturer. Global OEMs will demand demonstrable, continuous security monitoring as a contract requirement — not a checkbox on a supplier audit form.
Indian manufacturers who get ahead of this will keep winning contracts. Those who wait to be asked will find themselves on the wrong side of a supplier audit.
The Real Problem: Supply Chain Trust
This breach didn’t happen because someone broke into Apple. It happened because someone broke into a company that builds Apple’s products.
Apple’s quality inspection standards are marked “proprietary and confidential.” Tesla’s engineering drawings are marked “TRADE SECRET.” Both spend enormous sums protecting this IP within their own walls. But when that IP moves to a contract manufacturer’s file server in Tamil Nadu, the protection it gets is whatever that manufacturer’s IT infrastructure provides.
Nick Tausek, lead security automation architect at Swimlane, told Cybernews: “Tata keeps showing up in these conversations because it sits in the middle of so many high-value relationships. Apple and Tesla are the names that grab attention, but Tata is the connective tissue that makes their operations move.”
Michael Centrella of SecurityScorecard added: “This is the risk companies create when they treat suppliers as operational partners but not as extensions of their security perimeter. Apple and Tesla may have strong defenses of their own, but once critical designs and manufacturing data are handed to another company, their security depends on controls they do not directly manage.”
The market will now price this risk differently. Global OEMs will start treating supplier cybersecurity not as a procurement checkbox but as an operational requirement with real penalties.
Reckoning
The World Leaks attack on Tata Electronics isn’t a story about sophisticated hacking. No zero-day exploit. No nation-state actor. No advanced persistent threat. It’s a story about the gap between manufacturing growth and security maturity.
Tata Electronics grew from zero to 75,000 employees, building one-third of Apple’s India iPhones, in three years. That’s extraordinary. But security infrastructure — network segmentation, exfiltration monitoring, access controls, incident response plans specific to IP theft — needs to grow at the same pace as the factory floor.
The attacker who entered Tata Electronics didn’t steal Apple’s or Tesla’s data by attacking Apple or Tesla. They stole it because it was on a network they could get into, and nobody detected it until the files were already posted.
The 204,341 files are on the dark web. Employee passports are in a database alongside the iPhone 18 Pro’s component map. The cryptographic certificates that could still grant access to Tata’s systems are in the hands of criminals.
Tata Electronics says operations are unaffected. That’s true, as far as it goes. But operations unaffected is not the same as security intact. The files are still out there. The trust Apple and Tesla placed in their Indian manufacturing partner has been compromised.
And the question nobody has fully answered: if an attacker spent months inside Tata’s network pulling 630 GB of data without being detected, what else did they leave behind?
Sources
- Reuters: “India’s Tata Electronics hit by cyber breach claiming to expose Apple, Tesla trade secrets” (June 22, 2026)
- Reuters: “Apple iPhone 18 Pro supplier list, parts and photos exposed in Tata data leak” (June 29, 2026)
- Reuters: “Apple supplier Tata tightens internal controls after data breach” (June 26, 2026)
- TechCrunch: “Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach” (June 22, 2026)
- Cybernews: “Hackers dump 200,000 alleged secret Apple, Tesla files after Tata Electronics breach” (June 22, 2026)
- BleepingComputer: “Tata Electronics confirms cyberattack as hackers leak data” (June 23, 2026)
- Al Jazeera: “Apple iPhone 18 Pro secrets leaked in Tata Electronics hack: What we know” (June 30, 2026)
- Skeletos IT Services: “630 GB. 200,000 Files. Apple and Tesla Trade Secrets.” (June 24, 2026)
- Security Affairs: “Tata Electronics Confirms Data Breach After 630GB Leak” (June 23, 2026)
- The Record: “Tata Electronics confirms cyberattack after alleged Apple, Tesla data leak” (June 23, 2026)


