A ransomware group known as World Leaks has published more than 200,000 files, a collection of roughly 630GB, stolen from Tata Electronics, one of Apple's most important manufacturing partners outside China. The group claimed the breach on its dark web leak site in mid-June. Tata has confirmed a cybersecurity incident, said its operations were not affected, restricted employee access to sensitive systems, and brought in outside security experts. Apple is investigating the incident alongside Tata, according to Reuters.
The detail that matters most is not the gadget content but the supply-chain exposure. The cache includes files mapping hundreds of individual iPhone 18 Pro components, including main logic board chips, battery parts, and camera modules, to the specific companies that make them. Apple treats those supplier relationships as a strict trade secret and does not list them in its public supplier database. Several files reportedly carry Apple "Confidential" watermarks and internal code names for unreleased models.
The leak also contains photos, and reportedly videos, of an iPhone undergoing internal drop testing at a Tata plant in early 2026. Reuters described the device as a conventional slab-shaped grey handset with a triple-camera setup and the Apple logo, closely resembling the iPhone 17 Pro. Apple has not commented on the authenticity of the circulating media, so the images should be treated as alleged.
It is worth separating two leaks that have blurred together online. The drop-test footage and supplier files come from the Tata breach. The widely shared A20 Pro motherboard details come from a separate image posted by Weibo tipsters, which has not been confirmed as authentic. Those specs, an A20 Pro built on TSMC's 2nm process, WMCM packaging that moves the memory beside the processor for better cooling, LPDDR6 on a 96-bit bus, and a reported 12GB of RAM, line up with long-running industry rumors but remain unverified. Treat them as leaker claims, not breach facts.
The breach is not Apple's alone. The same dump reportedly includes files tied to Tesla, TSMC, and Qualcomm, all connected to Tata Electronics as clients or suppliers. World Leaks has previously claimed an attack on Nike. That spread turns a single contractor's compromise into a window onto a large slice of the global electronics supply chain.
Get the ICD Newsletter
Subscribe for source-forward cyber news, OSINT notes, breach updates, and analysis. Have evidence or a lead? Send it to ICD.
