Tools / News / Tata Electronics Breach Spills 630GB of Apple and Tesla Files Plus Employee Passport Scans
Press

Tata Electronics Breach Spills 630GB of Apple and Tesla Files Plus Employee Passport Scans

· VaultTools

Tata Electronics confirmed a breach after the World Leaks ransomware gang published 204,341 files (630GB) allegedly stolen from the Apple and Tesla supplier, including manufacturing design specs, trade-secret drawings, and employee passport copies. Data was live on the dark web from at least June 10; Tata confirmed it June 22, 2026.

VaultTools · June 27, 2026

A green circuit board dissolving at its edge into drifting data particles that reassemble as a passport, an engineering schematic, and a blueprint, illustrating design files and IDs leaking from the Tata Electronics breach. Illustration: VaultTools

Table of Contents

What Happened

Tata Electronics, the Indian electronics and semiconductor manufacturer that supplies Apple and Tesla, confirmed a cybersecurity incident after the World Leaks ransomware gang published a large cache of files allegedly stolen from the company. According to TechCrunch, the company said it “identified a cybersecurity incident on some of its systems” a few weeks earlier and claimed there was “no impact on our operations across businesses, which remain unaffected.”

The leaked dataset is large. Cybersecurity News reported the gang published “over 200,000 files totaling more than 630 gigabytes.” The exact count cited across reporting is 204,341 files, or 630.4GB.

What Was Exposed

The files go well beyond corporate email. According to Cybersecurity News, the cache included emails, “multi-year event logs,” “manufacturing and component design specifications,” and “employee passport copies (including those of foreign nationals).” Researchers also identified cryptographic certificates and key files among the data.

The customer documents are what drew attention. Cybersecurity News reported a “52-page document bearing Apple’s proprietary markings” that detailed quality inspection standards for iPhone circuit board components, with footers reading “This document contains proprietary and confidential information of Apple Inc.” A search for Apple in the leak returned 181 files and folders, several labeled “com.apple.factorydata.”

On the Tesla side, reporting described a folder labeled “NV36 Chargeport Controller - North America” and files referencing “Project Highland, Tesla’s publicly known internal codename for the revamped Model 3,” with footers marking the contents as “confidential, proprietary, and a trade secret of Tesla Inc.”

How It Happened

This was an extortion-driven theft, not a misconfigured bucket. The World Leaks ransomware gang exfiltrated the data and posted it to its leak site, and CNBC reported that Tata received a ransom demand in exchange for not releasing the stolen files. Tata declined to comment on the specifics of the demand.

The underlying exposure is structural. Apple and Tesla shared sensitive design specifications, schematics, and trade-secret drawings with a contract manufacturer, and those files lived on Tata’s systems. Employees, including foreign nationals, had handed over passport scans for onboarding and compliance, and those sat in the same environment. Once a document is uploaded to a third party’s server and retained, its security depends entirely on that third party’s defenses.

The Disclosure Timeline

Indian cybersecurity researcher Rajshekhar Rajaharia confirmed the data had been accessible on the dark web since at least June 10, 2026. TechCrunch published its report on June 22, 2026, and CNBC and Cybernews followed on June 23. Tata Electronics said its “response protocols were deployed immediately” after detection, and Apple said it is investigating the incident.

Why This Matters for Browser-Based File Tools

A passport scan or a design document that never leaves the device cannot be exfiltrated from a supplier’s server. The Tata breach is a failure of stored data: files collected for onboarding or shared for manufacturing, then retained on systems outside the original owner’s control until an attacker got in.

VaultTools is built on the opposite default. Every tool runs client-side in your browser through WebAssembly. When you crop an ID photo, strip metadata from a scan, redact a passport page, or convert a document, the file is processed in memory on your own machine. There is no upload, no server-side copy, and no vendor storage to breach or hold for ransom. A file that never leaves the device cannot leak from one.

Large supply chains will keep moving sensitive documents between companies, and that risk is theirs to manage. But for the everyday handling people do themselves, resizing, converting, and redacting, local processing removes the failure mode entirely.

Sources

← Back to all news