Claims that confidential files linked to companies including Apple, Nvidia and Tesla may have been exposed following an alleged cyberattack at a manufacturing supplier are drawing attention to the vulnerability of intellectual property in global supply chains, a cybersecurity executive said.
The incident involves Luxshare, a China-based contract manufacturer that supplies components and assemblies to several multinational technology companies and operates within highly interconnected production networks.
“Incidents such as the alleged Luxshare breach illustrate a critical and often underestimated reality for global manufacturers: Intellectual property is now one of the most valuable and most targeted digital assets an organisation holds,” said Darren Guccione, CEO and co-founder of Keeper Security.
For companies operating complex and high-value supply chains, Guccione said exposure of sensitive design data or engineering documentation could be as damaging as extended disruption to operations.
“Exposure of sensitive design data, engineering documentation or manufacturing schematics can be as damaging as prolonged operational outage,” he said.
Unlike breaches involving customer or payment information, compromise of proprietary designs directly affects long-term competitiveness, Guccione said.
IP breach strikes at long-term competitive advantage
“Unlike customer data breaches, IP compromise strikes directly at long-term competitive advantage,” he said. “Alleged exposure of CAD models, circuit layouts or engineering files could enable reverse engineering, counterfeit production or the identification of hardware-level weaknesses.”
Guccione said the consequences could extend beyond commercial harm, affecting regulatory compliance, supplier trust and, in some cases, broader economic and national security considerations.
“Once proprietary design data is exfiltrated, it cannot simply be rotated or reset in the way credentials or payment information can,” he said.
He said ransomware attacks were increasingly shifting away from encryption-only tactics towards theft and threatened disclosure of data, increasing the impact even when systems are restored.
“What makes modern ransomware incidents particularly concerning is the continued shift away from encryption-only attacks toward extortion through data theft and exposure,” Guccione said. “In these scenarios, the primary damage occurs even if systems are restored.”
As a result, he said, preventing unauthorised access to sensitive systems has become a central priority.
“This elevates the importance of preventing unauthorised access in the first place, especially to systems and accounts that store or can reach sensitive IP,” he said.
Guccione said identity security was increasingly the main line of defence in manufacturing environments where corporate IT systems, operational technology and third-party supplier access overlap.
“Strong identity security is central to this defence,” he said. “In complex manufacturing environments where IT, operational technology and supplier access converge, identity becomes the primary control point for protecting high-value data.”
None of the companies named have confirmed or publicly commented on the alleged breach. Luxshare has not issued a public statement on the incident.
