Foxconn Confirms Ransomware Hit; Nitrogen Claims 8TB of Apple, Nvidia Files
Foxconn confirmed a cyberattack on its North American factories on May 13, 2026, after the Nitrogen ransomware gang claimed it stole 8 terabytes and 11 million-plus files.
TL;DR — Foxconn confirmed a ransomware attack on its North American factories on May 13, 2026; the Nitrogen gang claims it stole 8 terabytes and over 11 million files, including drawings tied to Apple, Nvidia, Intel, Google and AMD.
When the world's largest contract electronics manufacturer gets hit, the blast radius isn't one company — it's everyone whose products that company builds. That is the uncomfortable lesson from May 2026, when Foxconn confirmed that a cyberattack struck its North American operations and a ransomware crew called Nitrogen began bragging about the haul.
If the gang's claims hold up, this is less a single breach than a window into the supply chains of half of Big Tech.
What Foxconn confirmed — and what it didn't
Foxconn kept its public statement tight. As BleepingComputer reported, the company confirmed the incident on May 13, 2026, saying: "Some of Foxconn's factories in North America suffered a cyberattack. The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery."
Notably, Foxconn did not confirm what was stolen. That part comes entirely from the attackers — and from researchers who've examined their leak site.
Nitrogen's claims are eye-watering
The Nitrogen ransomware group claimed responsibility on May 11, publishing details on its dark-web leak site. The numbers it posted:
- 8 terabytes of data exfiltrated
- More than 11 million documents
- "Confidential instructions, projects and drawings" allegedly belonging to Foxconn customers
And those customers are the headline. Per The Register, Nitrogen named Apple, Dell, Google, Intel, Nvidia and AMD among the firms whose data appears in the trove. TechCrunch reported reporting later corroborated the scope, and AppleInsider said it confirmed Apple server schematics were among the stolen files.
| Claim | Detail |
|---|---|
| Group | Nitrogen (active since 2023) |
| Data volume | 8 TB / 11M+ files |
| Tactic | Double extortion (steal + encrypt) |
| Named victims' data | Apple, Dell, Google, Intel, Nvidia, AMD |
| Affected sites | North American factories (reportedly Wisconsin, Texas) |
Why double extortion makes this worse
Nitrogen runs a double-extortion model: it steals data before encrypting systems, so even a perfectly restored backup doesn't end the threat. The gang can still leak the stolen files unless paid. That changes the calculus for a manufacturer — production can be back online while the most sensitive intellectual property remains a hostage.
This is the broader pattern of 2026's threat landscape. Ransomware volumes have plateaued at an elevated "new normal," with CRIL recording 702 ransomware incidents globally in March 2026 alone. The attackers have stopped going for quick wins and started going for leverage.
The supply-chain exposure nobody can opt out of
Here's the part that should worry every hardware company: none of these tech giants was breached directly. Their schematics leaked because a manufacturing partner was. You can harden your own network perfectly and still wake up to your unreleased server designs on a dark-web forum because a vendor three steps down the chain clicked the wrong thing.
That is the defining security problem of the era — not your perimeter, but everyone you trust inside it.
FAQ
Did Foxconn confirm Apple and Nvidia data was stolen?
No. Foxconn only confirmed a cyberattack on its North American factories. The claims about Apple, Nvidia and others' data come from the Nitrogen ransomware group, with partial corroboration from outlets like AppleInsider, which reported confirming stolen Apple server schematics.
What is double-extortion ransomware?
It's an attack where criminals steal data and then encrypt the victim's systems. Even if the victim restores from backups, attackers threaten to leak the stolen data unless paid — so backups alone don't neutralize the threat.
How were major tech companies' files exposed without being hacked?
Through supply-chain exposure. The companies weren't breached directly; their designs were held by Foxconn as a manufacturing partner, and Foxconn was the one compromised.
Sources: BleepingComputer, The Register, TechCrunch, AppleInsider.
Image: Foxconn, Public domain, via Wikimedia Commons.
← Back to all posts