Luxshare investigates alleged ransomware breach threatening Apple, Nvidia and LG Data

Luxshare Precision Industry, a China-based electronics manufacturing giant and a key assembler for Apple products, is facing an alleged ransomware attack in which attackers claim to have encrypted sensitive company data and are threatening to leak information tied to Apple, Nvidia and LG unless a ransom is paid.

The incident is said to have occurred last month, with the attackers asserting that data belonging to Luxshare and its partners was encrypted on Dec. 15, 2025. The group behind the intrusion, identifying itself as RansomHub, publicly claimed responsibility on a dark web forum and accused Luxshare of concealing the breach. The attackers urged the company to make contact to prevent confidential data and project documentation from being released.

Luxshare plays a central role in the global electronics supply chain. The company assembles several major Apple products, including the iPhone, AirPods and Apple Watch, placing it in possession of detailed manufacturing, logistics and engineering information related to some of the world’s most widely used consumer devices.

Researchers who examined a sample of data allegedly taken in the breach found material that appears to relate to confidential projects involving device repair and shipping operations between Luxshare and Apple. The files reportedly include timelines, process documentation and references to other Luxshare clients. The sample is also said to contain personally identifiable information of individuals assigned to specific projects, including full names, job titles and work email addresses.

The reviewed materials reportedly span projects dating from 2019 through 2025 and include files commonly used in product design and manufacturing, such as engineering drawings, circuit board layouts and design files used to create hardware models. Based on the contents of the sample, the researchers assessed the data as appearing legitimate, although the breach itself has not been independently confirmed.

RansomHub claims it has broad access to Luxshare client data beyond what was shown in the sample. The group alleges possession of extensive engineering and manufacturing archives, including three-dimensional product models, mechanical and electrical design documentation, printed circuit board manufacturing data and high-precision geometric information. The attackers assert that the archives include material connected to Apple, Nvidia, LG and several other major industrial and technology companies.

If verified, the exposure of such data could pose significant risks for Luxshare and its partners. Detailed engineering and design files could enable competitors or criminal groups to reverse-engineer products, accelerate counterfeit manufacturing or exploit undisclosed hardware vulnerabilities. The information could also be used to support supply chain or firmware-focused cyberattacks by revealing internal system architectures and component layouts.

Luxshare, headquartered in Shenzhen, employs more than 230,000 people and reports annual revenue exceeding $37 billion, making it one of the largest electronics manufacturers in the world. The company’s role in Apple’s supply chain has expanded in recent years as Apple diversified production away from other major assemblers following disruptions linked to labor unrest.

The company has been contacted for comment, and Apple has also been approached regarding the claims. No public responses had been issued at the time of publication.

RansomHub emerged in 2024 and has since established itself as a major player in the ransomware ecosystem. The group operates a ransomware-as-a-service model and is known for targeting industrial manufacturing and healthcare organizations. Its tooling reportedly allows for remote encryption by exploiting exposed and unprotected systems, a tactic designed to reduce detection and improve attack success rates.