Foxconn Confirms Cyberattack, Confidential Files of Apple and Nvidia Potentially Leaked

Foxconn (Hon Hai Precision Industry) of Taiwan, a critical supplier for major hardware companies like Apple and Nvidia, has confirmed it suffered a cyberattack on its North American facility. The affected factory is reportedly returning to normal operations.

Background and Claims of the Attack

On May 12, 2026, a Foxconn spokesperson issued a statement to The Register confirming that “some factories in North America were subjected to a cyberattack.” The company explained that its “cybersecurity team immediately activated response mechanisms and implemented multiple operational measures to ensure continuity of production and delivery,” reporting that “the affected factories have now resumed normal production.”

Behind the attack lies a group calling itself Nitrogen. On May 12, the group listed Foxconn on its data leak site, claiming to have compromised the company and stolen over 8 terabytes of data comprising more than 11 million files. The allegedly leaked data is said to include “confidential instructions, internal project documents, and technical drawings” related to projects for major companies Foxconn manufactures for, such as Intel, Apple, Google, Dell, and Nvidia.

Foxconn declined to confirm whether these, or any customer information, had been compromised.

Characteristics and Risks of Nitrogen Ransomware

Activity of the Nitrogen ransomware has been observed since around 2023. It is considered one of various ransomware derivatives that borrowed builder code from the previously leaked Conti ransomware.

A particularly concerning aspect of this attack is the group’s technical flaw. Security firm Coveware had warned in February 2026 that Nitrogen’s decryption tool contains programming errors, meaning victims may not be able to recover encrypted files even if they pay the ransom. This issue is reportedly linked to the group’s malware targeting VMware ESXi. This implies that even if Foxconn were to pay the ransom, there is an extremely low guarantee of data recovery.

Lineage of Cybercrime Targeting Foxconn

This is not the first time Foxconn has been targeted by ransomware groups. In 2024, the LockBit ransomware group claimed to have infected Foxsemicon Integrated Technology, a semiconductor equipment manufacturer within the Foxconn Technology Group. The same criminal group also attacked a Foxconn subsidiary in Mexico in 2022.

Foxconn is a massive Electronics Manufacturing Services (EMS) company that mass-produces products for major tech firms worldwide. Its supply chain underpins the global electronics industry. Therefore, a breach of its systems could directly impact the production of products from companies like Apple and Nvidia, making its security posture critically important.

This incident once again highlights that every stage of the supply chain can be a target for cyberattacks, and that once data is compromised, there is a risk it cannot be fully recovered even if a ransom is paid.