Luxshare Precision Industry Co. Ltd., a Chinese electronics manufacturer and key assembler for Apple Inc, is reported to have suffered a data breach that may expose confidential product information to a ransomware group. The alleged incident was disclosed in a post by the attackers, who claimed to have encrypted company systems and threatened to release sensitive files unless a ransom was paid.
Luxshare assembles devices, including iPhones, AirPods, Apple Watches, and Vision Pro products, for Apple, one of its largest clients. According to the attackers’ claim, the breach occurred in mid-December 2025 and affects data connected to multiple technology companies, including Apple and US-based chip maker Nvidia. The group identified itself as “RansomHub” and announced the incident on a darknet forum, urging Luxshare to make contact to prevent the disclosure of confidential material.
Analysis of a sample of leaked data suggests that the breach may include technical documentation and project records. Items reportedly attached by the attackers include engineering design files such as 3D computer-aided design (CAD) models, circuit board layouts, and other product architecture data that are typically protected by non-disclosure agreements between manufacturers and their partners. Personal identifiable information of employees working on internal projects is also alleged to be part of the exposed material.
The potential implications of the breach extend beyond immediate technical documents. Confidential design data could enable competitors to replicate products or compromise hardware security if exploited. Theft of internal engineering files may undermine years of research and development and complicate supply chain integrity. Security experts note that access to detailed schematics and component specifications can facilitate reverse engineering and counterfeit production in global markets.
Luxshare has not publicly confirmed the breach or provided details about its scope. Apple and Nvidia, whose products are named in the attackers’ claims, have also not issued statements verifying the exposure of their data. Industry observers caution that ransomware groups may exaggerate claims to pressure targets into payment, and independent verification of the extent of the breach is often difficult without official confirmation from the companies involved.
No information has been published about whether law enforcement or cybersecurity authorities are investigating the alleged breach. If confirmed, the Luxshare event would add to a series of high-profile supply chain security incidents that have highlighted vulnerabilities in interconnected manufacturing ecosystems.