Tata Electronics Cyber Breach Exposes Potential Apple, Tesla IP; Highlights Supply Chain Vulnerabilities
Tata Electronics has confirmed a “cybersecurity incident” that reportedly led to the exposure of sensitive intellectual property belonging to its major clients, Apple and Tesla. The breach, which occurred several weeks ago, saw the ransomware group World Leaks post over 200,000 files on the dark web, according to security researchers. These files allegedly contain component design and specification papers for both technology giants.
In a statement to Reuters, Tata Electronics stated, “A few weeks ago, Tata Electronics identified a cybersecurity incident on some of our systems. Our response protocols were deployed immediately, and the incident has had no impact on our operations across businesses, which remain unaffected.” The company declined to comment on a reported ransom demand associated with the incident. A source familiar with the matter indicated that Apple is currently investigating the breach and conducting a “full analysis.”
This incident marks another significant challenge for Apple’s supply chain in India, a region where Tata is rapidly becoming a crucial manufacturing partner outside of China. This expansion is a key component of Prime Minister Narendra Modi’s strategy to establish India as a global electronics manufacturing hub. The breach also follows a similar cyberattack last year on Tata’s British Jaguar Land Rover group, which resulted in a six-week production halt.
World Leaks, a group previously linked to a breach at Nike, claimed responsibility for the data posted on its dark net website. While Reuters could not immediately verify the authenticity of the data or reach World Leaks for comment, security researchers who reviewed the dump reported that it contains over 630 gigabytes of data. Among the purported Apple files are those titled “com.apple.factorydata” and documents referencing “material specification.” Indian cybersecurity researcher Rajshekhar Rajaharia, who examined the files for Reuters, noted the presence of emails, event logs spanning several years, and passport copies of employees, including foreign nationals. The data has reportedly been accessible on the dark web since at least June 10.
Industry sources indicate that Tata Electronics also manufactures components for Tesla. The World Leaks database allegedly includes a folder labeled “NV36 Chargeport Controller – North America,” potentially referring to parts for an updated Tesla Model Y SUV. Another purported Tesla document, described as “TRADE SECRET,” reportedly contains drawings for Project Highland, the internal codename for a revamped Model 3 sedan. Tesla has not yet responded to requests for comment.
Mr. Rajaharia’s review of the files revealed numerous documents marked with Apple’s proprietary and confidential information notices, as well as Tesla’s assertions of confidentiality, proprietary rights, and trade secrets. Some files specifically contained footers stating, “This document contains proprietary and confidential information of Apple Inc.” and “information contained herein is deemed confidential, proprietary, and a trade secret of Tesla Inc.” Searches for “Apple” within the leaked data returned 181 files and folders, while searches for “Tesla” yielded manufacturing specifications and assembly documents. The breach underscores the escalating sophistication of cyber and ransomware attacks and the inherent vulnerabilities within global supply chains, posing significant risks for legal, compliance, and executive teams. Tata reportedly informed some employees at its iPhone assembly operations about the data breach last week. Tata currently accounts for approximately one-third of Apple’s iPhone production in India.
