Major Tech Supply Chain Breached: Apple, Nvidia Data Stolen in Luxshare Ransomware Attack

RansomHub, the ransomware group, has claimed responsibility for the breach of Luxshare Precision Industries, which is one of the primary manufacturers of products for Apple and other companies across the globe. RansomHub has threatened to release Luxshare’s sensitive files unless Luxshare pays a ransom to recover the stolen information.

The group made their claims in December 2025 when they posted on a dark web message board. In the post, the group claimed they had encrypted the systems at Luxshare and obtained sensitive information from several of Luxshare’s clients, including Apple, Nvidia, LG, Tesla, and Geely.

Luxshare is considered an essential player in the global electronics supply chain. The company produces assembly components for devices, including Apple iPhones, Apple AirPods, Apple Watches, and Apple Vision Pro products. Additionally, Luxshare has established partnerships with several other major technical manufacturers, further complicating the repercussions of this breach.

At the time of writing, Luxshare and Apple have not commented over the breach of Luxshare or the information released by the RansomHub group.

What the Attackers Claim they Took

According to multiple cybersecurity research firms and the analysis of the posts on the dark web (Tor network) made by RansomHub, the ransomware group claims it has stolen at least one (1) terabyte of data, including highly sensitive engineering and manufacturing documents, along with all of the products’ development and testing timelines.

Reportedly, within that one terabyte of compromised data are:

• Detailed 3D CAD product models used in device design and prototyping.
• Circuit board layouts and other printed circuit board (PCB) design files.
• Mechanical and component drawings used in the assembly of products.
• Engineering documents and internal PDF files describing manufacturing workflows.

The RansomHub team claimed that its hacked files included the complete documentation for all existing and future Apple product releases (identified as referred to internally at Apple) going back to 2019 and including every phase of the project from initial proposal to product launch.

Cybersecurity experts have reviewed the various sample files posted by RansomHub and indicated that although the specified documents appear to be from Apple’s internal repositories and not from an external entity, further validation will continue.

Additionally, it appears that this breach of security has resulted in the exposure of employees’ personal identifiable information (full names, job titles, and email addresses) and will pose an additional risk to these employees the exposure of staff data is a common and damaging secondary effect of such breaches, as seen when IT firms managing data for numerous clients are themselves compromised.

Risks to the Tech Industry and Supply Chain

According to cybersecurity professionals, should these assailants indeed obtain this information, both manufacturers and consumers would experience large-scale ramifications.

The foremost concern surrounds reverse engineering. By having access to precise CAD models and PCB layouts, rival businesses or hostile actors would be more capable of replicating or fabricating products with relative ease – potentially furthering the production of counterfeit products.

There’s also the danger of targeted hardware attacks. Detailed knowledge of circuit layouts and internal engineering could enable attackers to look for vulnerabilities at the hardware level—something that software cybersecurity tools typically cannot guard against.

Further, making personal identifying details accessible for high-profile projects can create an added risk of phishing attacks and subsequent breaches targeting employees of either Luxshare or additional companies within the supply chain.

This case establishes a rising pattern where supply chain associates are under attack as portals to bigger corporations. Thus, despite major players such as Apple making substantial commitments towards their own safety, there is still a possibility that a vulnerability at a manufacturer or a supplier creates an avenue for access to a sensitive system.

The US CISA (the Cybersecurity and Infrastructure Security Agency) has warned that supply chain compromises can yield ripple effects throughout many sectors, This underscores a dual supply chain crisis: while companies fortify their physical production links, global law enforcement is simultaneously targeting the parallel supply chain of tools and services that enable such digital attacks. It contributing to supply chain vulnerabilities, although the original target was probably not the largest name brand.

What Happens Next

Ransomware as a Service, such as RansomHub, is where the criminals who use shared tools to perform attacks receive a split of the profits derived from those attacks. Due to this model, there are an increasing number of ransomware attacks being performed and many have been very damaging in recent years.

Cybersecurity experts indicate that companies should take the claims made by criminals regarding incident reports seriously, regardless if they have been verified, and that businesses utilize these warnings as leverage to take action, in order to strengthen their cybersecurity capabilities throughout their entire supply chain.

Regular audits, encrypted backups, and the utilization of Zero-Trust architecture are just a few of the methods used by organizations in order to create a security-oriented environment, thereby reducing the overall level of risk associated with conducting business.

As the story develops, industry watchers will be looking for official responses from Luxshare and its high-profile clients. If the claims are true, this event could prompt deeper scrutiny of how tech supply chains manage sensitive data – and how they defend that data from increasingly sophisticated attacks.