Apple supply chain member Luxshare suffered a major data breach in December, and hackers that pilfered the files are now offering it for sale on the dark web. It looks legit.

The Apple supply chain is typically a very secure system, and core to the existence of Apple itself. This leads it to become a big target for hackers, and occasionally supply chain partners become victims to hacks.

Luxshare has fallen to a ransomware attack, reports CyberNews. The attack took place on December 15, 2025, but has yet to be officially revealed by Luxshare, Apple, nor other companies that use the contract assembler.

This looks like the attack that was reported on in late December, that hit an Apple assembly partner, that wasn't named at the time. Also at the time, it was thought that the attack compromised some production-line information.

RansomHub are prolific hackers, and claimed the credit for the attack via a dark web forum. The group claims that they have secured a number of different and sensitive files from Luxshare, including data sourced from Apple itself.

"We were waiting for you for quite some time, but it seems that your IT department decided to conceal the incident that took place in your company," RansomHub taunted Luxshare in a message. "We strongly recommend that you contact us to prevent your confidential data and project documents from being leaked."

Product data haul

The report believes that the data stolen from Luxshare includes a number of confidential projects, specifically dealing with device repair and shipping. This apparently included timelines and detailed processes, and the personal identifiable information of people working on specific projects, dating back to 2019.

While the ransomware hackers allegedly acquired a myriad of files, regarding everything from production processes to device repair, some of the filetypes supposedly taken from Luxshare have greater potential than others. If the group has what it claims it has, then we could see multiple product designs surface in their entirety.

To be more specific, RansomHub says that it has access to the following types of files:

  • .prt(3D CAD files)
  • .x_t (Parasolid files)
  • dwg (2D CADs)
  • dxf (2D CADs)
  • PDFs with schematics
  • Gerber files and PCB design data

AppleInsider spoke to people familiar with the production and design processes of Apple suppliers, who offered additional insight about the filetypes used during product prototyping. Based on what we were told, the .prt files are easily the most significant of the bunch, because of what they contain.

During development, each hardware component of an Apple product is modeled in .prt files, which are used with the Windows-only design utility known as Siemens NX.

Apple makes .prt files of every part that makes up an iPhone, iPad, or Apple Vision Pro. In essence, if the RansomHub attackers really obtained .prt files, that means they have the exact details and dimensions of every screw, bracket, spacer, and everything else in between needed for a prototype iPhone.

Parasolid files, with the file extension .x_t, are also allegedly among the files taken by the attackers. This is essentially another 3D CAD filetype, though its significance is nowhere near the level of .prt files. Parasolid files are generally used for specific components and stealth cases for upcoming iPhone models.

RansomHub also claims to have acquired "engineering drawings" in PDF format, which is Apple-speak for product schematics. These sorts of documents, also created with Siemens NX, often contain the exact dimensions of individual components, or of an Apple product as a whole. Sometimes they can also include information on the materials used, we were told.

Gerber files, which essentially contain the layouts of printed circuit boards in 2D, were also allegedly among the files taken from Luxshare. Though typically not of interest to the general public, Gerber files could prove useful to Apple's rivals, letting them improve their product designs based on Apple's existing work.

However, there are limiting factors at play. Luxshare, understandably, doesn't manufacture every single Apple product, nor does the company typically assemble every type of iPhone.

The attackers have also shared links to some files supposedly sourced from Luxshare. AppleInsider won't share the links for obvious legal reasons, but the files appear to be legitimate.

As Luxshare was a contract manufacturer, the files cover multiple clients. The attackers claim this includes data files from Apple as well as Nvidia, LG, Geeky, Tesla, and other major companies.

For Apple specifically, Luxshare worked on:

The attack could have big consequences for Apple, Luxshare, and its clients. This can include handing over data to competitors, which could be used to reverse-engineer products and lead to the production of counterfeit products.

For rivals, this could also be an opportunity to get a leg up on improving the designs of their own products, by getting an indepth look at how Apple does it.

There's also the potential security implications, as the data could give attackers a window into the workings of a product and help locate a new weakness. This could include new chip weaknesses, or even working to attack other individual components.

While the attack won't directly impact end users, since it affected the manufacturing elements of Apple instead of any customer-facing areas, it could cause problems in the long term. Aside from the risk of new attack vectors in the future, there could be changes made to the supply chain, in turn affecting the production and scheduling of future Apple products.