A notorious ransomware group is threatening to leak the sensitive files stolen from major technology companies after their third-party manufacturing and assembly partner Luxshare suffered a data breach.
Shenzhen-based Luxshare employs over 230,000 employees and has an annual revenue of over $37 billion. It works with Apple, Nvidia, LG, Tesla, and others in the manufacturing, assembly, and repair of their products.
Luxshare data breach impacts Apple, Nvidia, Qualcomm, LG, and others
On December 15th, 2025, the infamous ransomware group RansomHub claimed it had breached Luxshare and acquired sensitive files, including 2D and 3D CAD models, engineering designs, circuit board designs, Parasolid high-precision geometric data, and engineering documentation. The attackers claim that the data breach affects Apple, Nvidia, Meta, Qualcomm, LG, Geely, and Tesla.
The data breach also leaked the personal information of employees working on various projects between 2019 and 2025. Details leaked include their full names, job positions, and email addresses. Attackers could use that information to target them through phishing, leading to deeper penetration into the company.
If true, the data breach leaked valuable information, highly sought after by competitors and nation-state actors. Business rivals could use the leaked blueprints to manufacture counterfeits or competing products. Similarly, cybercriminals could analyze the stolen information to discover product vulnerabilities for future exploitation.
“The compromised engineering workflows and future product designs indicate that this attack goes beyond financial gain and opens the door to industrial espionage and counterfeit operations,” said Damon Small, Board of Directors, Xcape.
Besides exfiltrating confidential information, the ransomware group also encrypted Luxshare’s data to prevent the Chinese component maker from recovering the stolen information and force it to pay the ransom. At the moment, no word on whether ransom negotiations were in progress.
So far, it remains unclear if the threat actors have sold or misused the stolen information for nefarious purposes. The Apple assembly partner has yet to confirm the data breach or attribute any threat actor.
“This incident underscores the aggregation of risk in the hardware industry, where a single security breach at a major supplier can expose the confidential information of numerous multi-billion-dollar clients. This breach demonstrates that a tech giant’s security is only as strong as its manufacturing partners,” Small added.
RansomHub threatens to leak confidential data
Meanwhile, RansomHub listed Luxshare and its partners on an underground data leak site and threatened to publish the stolen information.
“We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company. We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked,” the attackers warned.
If Luxshare refuses to negotiate, RansomHub could approach the affected companies, like Apple, and demand a ransom, as they are likely to bear the greatest consequences if the stolen information leaks.
“When the blueprints for the world’s most advanced technologies are held for ransom in a supplier’s basement, the blast radius doesn’t stop at the factory floor; it triggers a seismic shift that compromises the intellectual property and competitive edge of the entire global ecosystem,” continued Small.
Formerly known as Cyclops and Knight, RansomHub has been active since 2024 and has victimized over 200 organizations. Its victim profile includes water and wastewater utilities, healthcare, information technology, food and agriculture, manufacturing, transport, and financial services.
The Luxshare data breach is among RansomHub’s largest, following the attack on the human resources giant Manpower, which leaked the personal information of over 145,000 people.
