A major ransomware attack on Luxshare, one of Apple’s most critical manufacturing partners, allegedly exposed over 1TB of confidential data from the iPhone giant and other tech behemoths. Stolen information in the Luxshare data breach includes product designs, engineering documents and employee information spanning from 2019 to 2025, according to a new report.
Major Luxshare data breach may expose confidential Apple product files
The breach, which occurred in December 2024, was carried out by RansomHub, a notorious ransomware group that has been actively targeting major corporations, according to a report Monday in CyberNews. The attackers’ dark web forum announced the breach on December 15, 2025. And they threatened to leak sensitive data from Apple, Nvidia, Tesla, LG and other tech giants unless Luxshare pays an undisclosed ransom.
“We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company,” the attackers said to Luxshare in their disclosure. “We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked.”
What thieves stole in the attack
Researchers who examined sample data posted by the attackers said the breach exposed highly sensitive materials that could have significant implications for Apple and its users.
The stolen information reportedly includes:
- Detailed 3D CAD product models and high-precision geometric design data
- Circuit board layouts and printed circuit board manufacturing files
- Mechanical component drawings and 2D manufacturing specifications
- Confidential engineering documentation in PDF format
- Internal repair procedures and logistics workflows between Apple and Luxshare
- Project timelines and partner coordination documents
- Design files in .dwg and Gerber formats commonly used in product manufacturing
The leaked data also contains personally identifiable information of employees working on Apple projects, including full names, job positions and work email addresses. The documents span projects from 2019 through 2025, suggesting that unreleased Apple products may be included in the compromised data.
Why this matters for Apple users
The implications of this breach extend far beyond corporate espionage. Security experts warn that the stolen engineering files could enable malicious actors to reverse-engineer Apple products. And they could manufacture convincing counterfeits and identify hardware vulnerabilities to exploit in future attacks.
Access to detailed circuit board layouts and component specifications could help attackers develop targeted firmware exploits or orchestrate sophisticated supply chain attacks. The exposure of employee contact information also increases the risk of phishing campaigns targeting Apple’s manufacturing partners and potentially compromising additional systems.
About Luxshare and the attackers
Shenzhen, China-based manufacturing giant Luxshare employs more than 230,000 people and earns annual revenues exceeding $37 billion. The company has become increasingly important to Apple’s supply chain in recent years. It assembles iPhones, AirPods, Apple Watches and Vision Pro headsets. Luxshare’s role expanded after Apple’s primary assembler, Foxconn, experienced production-halting protests.
First identified in 2024, RansomHub quickly established itself as one of the most prolific ransomware operations. The group emerged after the disappearance of ALPHV (BlackCat) and primarily targets industrial manufacturing and healthcare sectors. According to a CISA advisory, the cybercriminal group breached nearly 500 victims in 2024 alone — almost one victim per day.
Neither Apple nor Luxshare confirmed the breach or commented on the attackers’ claims.
David Snow, an expert on Apple hardware and software, writes on a variety of technological and cultural topics for Cult of Mac. They include Apple news, technology buying guides, and features about computer setups and Apple TV shows and movies.
With 30 years of experience covering technology and other subjects, he has written and edited for numerous print and online publications, including CMP Media, TechTV.com, CNET, Wired News, Red Herring magazine, Law.com, The National Law Journal and Law Technology News magazine. Among other roles, he served as executive editor of the Law.com network of websites and editorial director, technology, for ALM Media.
Snow graduated with a B.A. from Syracuse University with majors in magazine journalism and psychology. While there, he worked as a reporter for The Daily Orange newspaper and associate editor of Equal Time magazine.
Founder of the blog At the Waterline, he can be reached on X (formerly Twitter) via @atthewaterline and on Mastodon via @dsnow.
