Tata Confirms Apple, Tesla Data Breach Claim

The breach's connective tissue also extends to the Jaguar Land Rover attack from last year.



India-based Tata Electronics recently confirmed that it was the victim of a data breach. While the company was quick to state that it deployed its response protocols and that the attack had no impact on its operations, over 630GB of data comprising over 204,000 files have been uploaded to the dark web.
 
Taking credit for the hack is World Leaks, a rebrand of the Hunters International ransomware group. It focuses on stealing corporate data in hopes of extorting payment to avoid dark web postings, as opposed to traditional file-encryption strategies. Previous victims have included Dell Computers and Nike. 
 
The connective tissue of the attack is what makes it especially intriguing. First, the leaked data contained sensitive information related to Apple and Tesla - key Tata customers. The information that World Leaks stole appears to range from email conversations and employee data to potentially vital manufacturing and product specification information. 
 
World Leaks claims a large portion of the stolen data contains proprietary product information, but that claim has not been substantiated.
 
Apple, which contracts with Tata Electronics for iPhone production, has reportedly launched its own investigation into the breach but has offered no additional comment. Tesla has also remained silent.
 
Second, Tata Electronics is the sister company of Tata Motors, owner of Jaguar Land Rover. The automaker was the victim of a massive cyberattack last August that not only shut down operations for over a month but also impacted the British economy to the tune of over $2B.
 
Tata Electronics also works with a number of other high-profile manufacturers, including Intel and Qualcomm. 
 
For many, the surfacing of details about the breach also raises more questions about the potential scale of such an attack. Black Hills Information Security's John Strand notes, "Whenever a breach becomes public because stolen data appears on the dark web, it raises a larger question: how many similar operations, especially those conducted by nation-state-level adversaries, are still operating undetected?
 
"The attacks that make the news deserve attention, but the greater concern is the reuse and evolution of the same tactics, tools, and infrastructure across campaigns that never become visible."

There are also key supply chain considerations, as Jacob Krell at Suzu Labs identified. “Apple escaped supplier concentration in China and recreated it in India. One-third of India's iPhone output (comes from) one conglomerate.

“Vendor cybersecurity review has to cover the whole corporate family. Subsidiaries share IT vendors and security culture, so a breach at one should trigger immediate review of every entity holding sensitive client IP. When you hand trade secrets to a contract manufacturer, the cybersecurity terms in that vendor agreement need to reflect what's being transferred. 

"Continuous monitoring, audit rights, and breach notification requirements should be baseline for a supplier holding IP at this sensitivity level. A questionnaire at onboarding doesn't cut it. 630 gigabytes on a leak site shows what happens when vendor oversight doesn't match the exposure.”

"While the immediate operational crisis centers on leaked schematics for Apple and Tesla, the true systemic damage occurs when organizations prioritize check-the-box compliance to preserve underwriting limits rather than addressing the root cause of third-party aggregation risk," stated Xcape's John Carberry. He also points to some key lessons learned:

  • Enterprise security teams must shift from static vendor compliance questionnaires to continuous, automated data lineage tracking across all external manufacturing partners.
  • Risk officers must audit existing cyber insurance policies to ensure coverage limits explicitly account for interconnected, multi-party supply chain liabilities rather than localized infrastructure losses.
  • Access architectures governing joint-venture environments must enforce strict zero-trust isolation to prevent lateral movement from compromised sub-contractor networks.

This appears to be a situation where zero or limited ransomware payments were made. Most would applaud Tata's commitment to not bowing to criminals. Hopefully their customers are among this group.
