Skip to main content
Emerging ThreatsData Breaches

Foxconn Cyberattack Exposes Sensitive Data from Apple, Nvidia Projects

Factory floor with industrial equipment, computer terminals, and a hint of a network room in the background.

“Some of Foxconn's factories in North America suffered a cyberattack,” a Foxconn spokesperson told The Register.

Foxconn confirms North American factories hit, says production resuming

Foxconn acknowledged a cyberattack affecting its North American operations and described an immediate corporate response. “The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery,” the company told The Register, and added that “the affected factories are currently resuming normal production.” At the same time, Foxconn declined to confirm whether customers’ information was taken in the intrusion.

Nitrogen gang claims 8 TB and more than 11 million files tied to Apple, Nvidia, others

The data-leak site run by the Nitrogen ransomware group posted a claim that it had breached the Taiwan-based company and stolen 8 TB of data comprising more than 11 million files. According to the group, the cache includes “confidential instructions, internal project documentation, and technical drawings related to projects at Intel, Apple, Google, Dell, and Nvidia, among others.” The Register reported the Nitrogen posting on Monday; Foxconn’s statement to The Register did not confirm or deny those specific customer-related allegations.

Nitrogen’s lineage and a technical obstacle to recovery

The Nitrogen crew, active since 2023, is described in the reporting as one of several ransomware offshoots that borrowed code from the leaked Conti 2 builder. That lineage matters here because, according to researchers cited by The Register, a separate technical problem could limit victims’ options. In February, Coveware researchers warned that a programming error prevents the gang’s decryptor from recovering victims’ files — specifically in the group’s malware that targets VMware ESXi. The Coveware finding led researchers to conclude that paying a ransom demand to Nitrogen “may not guarantee recovery of encrypted files,” and in some cases could be futile.

Foxconn’s ransomware history: LockBit 2024 and an earlier subsidiary hit

This is not the first time entities within the Foxconn corporate family have been named by ransomware crews. In 2024, LockBit claimed to have infected Foxsemicon Integrated Technology, described as a semiconductor equipment manufacturer within the Foxconn Technology Group. The same criminal crew reportedly hit a Foxconn subsidiary in Mexico in 2022. The Register’s account places the current Nitrogen claim in that recent pattern of incidents.

What this means for technologists, affected enterprises, and supply‑chain managers

Technologists and security teams will be watching two technical questions closely: whether any of the alleged 8 TB and more than 11 million files can be independently verified, and whether the Coveware-identified decryptor bug applies to any encryption used in this incident. A broken decryptor changes the calculus for incident response and for decisions about ransom negotiations.

Affected enterprises named in the Nitrogen posting — Apple, Nvidia, Intel, Google, and Dell — will need to assess whether their project documentation or technical drawings are implicated; Foxconn declined to confirm customer data were taken. Supply‑chain managers and procurement teams that rely on Foxconn as “a critical supplier for major hardware companies like Apple and Nvidia” will be monitoring continuity statements and production status, given Foxconn’s assertion that affected factories are resuming normal production.

The core facts as reported are straightforward: Nitrogen claims a large theft, Foxconn confirms a North American cyberattack and that production continuity measures were deployed, and independent researchers previously warned of a decryptor defect that can prevent recovery from this particular ransomware family’s ESXi-targeting malware. Each element — the volume and nature of the alleged data, Foxconn’s operational response, and the decryptor reliability question — will shape both technical response and commercial fallout.

The Register’s report is the source for the claim and Foxconn’s statement; read the original coverage here: https://www.theregister.com/cyber-crime/2026/05/12/foxconn-confirms-cyberattack-after-nitrogen-claims-apple-nvidia-data-theft/5239144