Ransomware group World Leaks claims to have published more than 200,000 files totalling over 630GB of data stolen from Tata Electronics - one of Apple's most critical manufacturing partners outside China, and a fast-growing supplier to Tesla. Apple has launched a full internal investigation. Tesla has gone quiet. Tata insists operations are unaffected. Nobody has confirmed the data is genuine. Nobody can say it isn't.
What researchers found inside the dump is hard to dismiss. Security experts who reviewed portions for Reuters found files labelled "com.apple.factorydata," documents carrying Apple's proprietary markings, and a 52-page document purporting to detail quality inspection standards for iPhone circuit board components. A search for "Apple" across the archive returned 181 files and folders. A search for "Tesla" pulled up manufacturing specifications and an assembly document dated May 2025. One folder was labelled "NV36 Chargeport Controller - North America" - believed to relate to Tesla's Model Y. Another 2023 document, stamped "TRADE SECRET," contained engineering drawings linked to Project Highland, Tesla's internal codename for the refreshed Model 3.
Some files carried footers reading: "This document contains proprietary and confidential information of Apple Inc." Others stated the content was "deemed confidential, proprietary, and a trade secret of Tesla Inc."
Tata received a ransom demand too, according to a source familiar with the matter. The company won't talk about it.
This isn't a breach of a tech company. It's a breach of a factory. That distinction matters enormously for how coverage responds - and for who ends up holding the bill.
Tata Electronics sits at the centre of two of the world's most valuable supply chains. It produces roughly a third of Apple's iPhones in India. Since 2025 it has been an official Tesla supplier, delivering semiconductor chips, circuit board assemblies, motor controller units and door-control mechanisms. If World Leaks' claims stack up, the IP exposure here would be one of the most significant in manufacturing history.
Three coverage questions land immediately. Does Tata's cyber policy respond to a data exfiltration at this scale? What contingent business interruption exposure do Apple and Tesla carry if manufacturing gets dragged into the fallout? And the hardest one - do Apple and Tesla's own programmes cover IP losses that originate at a third-party supplier neither of them controls?
Supply chain cyber risk has been climbing the underwriting agenda all year, and for good reason. QBE's research found that 59% of businesses that experienced a cyber incident in the past 12 months traced at least one attack to a supplier. Three in five. The Tata breach is no longer an abstract warning about third-party risk. It's Apple and Tesla's names in a dark web database.
AXA XL and Thales said in April that cyber incidents have stopped being isolated events - disruption now spreads across connected systems and supply chains. The global average cost of a data breach hit $4.44 million in 2025. Manufacturing and operational technology environments, they noted, are firmly in scope. Not someday. Now.
This isn't Tata's first ransomware headline. Last year its British subsidiary Jaguar Land Rover was hit by a cyberattack that shut production down for six weeks. That was painful. This is a different scale - in the sensitivity of what's allegedly been taken, and in whose names are on the documents.
World Leaks is a confirmed rebrand of Hunters International, which pivoted away from file encryption to pure data extortion when it relaunched in January 2025. The model is exfiltrate, threaten, publish. That generates IP and reputational exposure more than operational disruption - which shifts the coverage conversation away from business interruption and towards IP protection, media liability and professional indemnity. The group hit Nike in January 2026 using the same approach, publishing 1.4TB of internal files before Nike confirmed it was investigating.
The timing stings. The cyber market is already heading toward a hard correction - rates down 43% since Q4 2023, ransomware claims averaging $508,000 last year, third-party liability claims up 70%, the steepest rise of any tracked category. A supply chain breach with Apple and Tesla attached to it is not what a market under pricing pressure needed.
There's some context worth noting: sources close to Apple's investigation say much of the exposed data dates to around 2021, which may limit its operational sting. Apple doesn't currently see this as a major threat to its business. But the investigation is still running, and nobody has verified the full contents of those 630GB.
For brokers and underwriters with manufacturing clients anywhere near the Apple or Tesla supply chains, that's the exposure right there.
