Luxshare, Nvidia and Tesla: Future Apple product plans may be at risk following Luxshare hack

Luxshare Hit by Ransomware Attack, Exposing Sensitive Apple and Client Data

In December 2025, Luxshare, a key Apple supply chain partner, suffered a ransomware attack that resulted in the theft of highly sensitive data. The breach, which occurred on December 15, was later claimed by the hacking group RansomHub, which posted the stolen files for sale on the dark web.

The attackers allege they obtained a trove of confidential documents, including 3D CAD models, engineering schematics, product repair and shipping timelines, and personal data of employees dating back to 2019. Among the compromised files were Gerber and .dwg design files, as well as electronic and mechanical component documentation critical assets for product manufacturing.

Luxshare, a contract manufacturer, works with multiple major tech firms, and the stolen data reportedly includes proprietary information from Apple, Nvidia, LG, Geeky, and Tesla. For Apple, Luxshare has been involved in projects such as iPhone, MacBook, and Apple Watch production, making the breach particularly damaging.

The implications of the attack are far-reaching. Competitors could exploit the leaked designs to reverse-engineer products or develop counterfeits, while cybercriminals may use the data to identify new vulnerabilities in Apple’s hardware. Though the breach does not directly affect end users, it could disrupt supply chains, leading to production delays or security risks in future Apple devices.

Neither Luxshare nor Apple has officially acknowledged the incident, but the leaked files appear legitimate, raising concerns about the broader impact on the tech industry’s supply chain security.

Source: https://appleinsider.com/articles/26/01/21/future-apple-product-plans-may-be-at-risk-following-luxshare-hack

LUXSHARE-ICT CO., LTD. cybersecurity rating report: https://www.rankiteo.com/company/luxshare-ict-co

NVIDIA cybersecurity rating report: https://www.rankiteo.com/company/nvidia

Tesla cybersecurity rating report: https://www.rankiteo.com/company/tesla-motors

"id": "LUXNVITES1769024668",
"linkid": "luxshare-ict-co, nvidia, tesla-motors",
"type": "Ransomware",
"date": "6/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'customers_affected': 'Apple, Nvidia, LG, Geeky, Tesla',
                        'industry': 'Technology, Electronics Manufacturing',
                        'name': 'Luxshare',
                        'type': 'Contract manufacturer'}],
 'data_breach': {'data_exfiltration': True,
                 'file_types_exposed': ['.dwg', 'Gerber files', 'CAD models'],
                 'personally_identifiable_information': 'Employee personal '
                                                        'data (dating back to '
                                                        '2019)',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['3D CAD models',
                                              'Engineering schematics',
                                              'Product repair and shipping '
                                              'timelines',
                                              'Employee personal data',
                                              'Gerber and .dwg design files',
                                              'Electronic and mechanical '
                                              'component documentation']},
 'date_detected': '2025-12-15',
 'description': 'In December 2025, Luxshare, a key Apple supply chain partner, '
                'suffered a ransomware attack that resulted in the theft of '
                'highly sensitive data. The breach was claimed by the hacking '
                'group RansomHub, which posted the stolen files for sale on '
                'the dark web. The attackers obtained confidential documents, '
                'including 3D CAD models, engineering schematics, product '
                'repair and shipping timelines, and personal data of employees '
                'dating back to 2019. The stolen data includes proprietary '
                'information from Apple, Nvidia, LG, Geeky, and Tesla, '
                'potentially disrupting supply chains and enabling '
                'reverse-engineering or counterfeiting of products.',
 'impact': {'brand_reputation_impact': 'High',
            'data_compromised': '3D CAD models, engineering schematics, '
                                'product repair and shipping timelines, '
                                'personal employee data, Gerber and .dwg '
                                'design files, electronic and mechanical '
                                'component documentation',
            'identity_theft_risk': 'Moderate (employee personal data exposed)',
            'operational_impact': 'Potential supply chain disruptions, '
                                  'production delays'},
 'initial_access_broker': {'data_sold_on_dark_web': True},
 'motivation': 'Financial gain, data exfiltration',
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'Dark web leak (RansomHub)'}],
 'response': {'communication_strategy': 'No official acknowledgment from '
                                        'Luxshare or Apple'},
 'threat_actor': 'RansomHub',
 'title': 'Luxshare Hit by Ransomware Attack, Exposing Sensitive Apple and '
          'Client Data',
 'type': 'Ransomware'}