Foxconn, the world’s largest contract electronics manufacturer, has officially confirmed a cyberattack targeting its North American operations, after the Nitrogen ransomware gang publicly listed the company on its data leak portal. The group claims to have exfiltrated a staggering 8 terabytes of sensitive data — more than 11 million files — from Foxconn’s internal systems.
The Attack and Nitrogen’s Claims
The Nitrogen ransomware group made its move on Monday, May 12, 2026, posting Foxconn on its breach-and-extortion site and asserting it had stolen a massive trove of confidential corporate data. The following day, Foxconn publicly acknowledged the breach.
A company spokesperson confirmed to media: “Some of Foxconn’s factories in North America suffered a cyberattack. The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery.”
Reports indicate the affected facilities include Foxconn’s plant in Mount Pleasant, Wisconsin, and a factory in Houston, Texas. During the disruption, some staff were temporarily forced to use pen and paper or work from home while production systems were taken offline for containment and remediation.
What Was Allegedly Stolen?
The Nitrogen gang’s claims about the stolen data are alarming in scope. According to the threat actors, the exfiltrated files include:
- Confidential internal instructions and project documentation
- Technical drawings and circuit board layouts tied to major tech vendors
- Temperature sensor data and integrated circuit documentation
- Network topology maps linked to projects involving AMD, Intel, and Google
Analysis of publicly released sample files confirmed financial documents connected to the Houston facility, as well as architectural infrastructure maps. Security analysts were particularly alarmed by the alleged theft of network topology data for major technology partners.
“The real concern is that Google and Intel’s network topologies have been stolen. Because this is an architectural map of operational infrastructure, attackers could use this data to identify vulnerabilities in data centers around the world,” warned security analyst Mark Henderson.
Despite Nitrogen’s claims that Apple project files were among the stolen data, early analysis of the available sample files does not appear to confirm Apple circuit diagrams or product development documents. Foxconn’s Mount Pleasant facility primarily manufactures televisions and data servers, not Apple devices.
Who Is the Nitrogen Ransomware Gang?
Nitrogen is a ransomware operation active since 2023, believed to be built on leaked source code from the Conti 2 builder. The group operates a double-extortion model: encrypting victim data while simultaneously threatening to publish stolen files publicly if ransom demands are not met. Security researchers suspect Nitrogen has links to the notorious ALPHV/BlackCat ransomware ecosystem.
The gang has been targeting large enterprises across various sectors, making Foxconn a high-profile addition to its victim list. Because Foxconn simultaneously supplies components and assemblies for many of the world’s largest tech companies, the downstream implications of this breach could extend well beyond the manufacturer itself.
Foxconn’s Response and Recovery
Foxconn stated that affected factories are currently resuming normal production, though the company declined to confirm whether any customer data was actually stolen or whether a ransom has been paid. The company’s rapid response emphasized containment and continuity of operations.
This incident marks at least the third time Foxconn has faced a major ransomware attack, following incidents in 2020 and 2021 that resulted in significant operational disruptions and data exposure. The recurring pattern suggests that despite prior experience, the company remains a prime target for ransomware operators seeking access to valuable supply chain data.
Implications for Global Supply Chain Security
The Foxconn breach is a stark reminder of the systemic risks that large contract manufacturers pose to the broader technology ecosystem. Because companies like Foxconn simultaneously handle sensitive intellectual property, design documents, and infrastructure data for dozens of major technology vendors, a single breach can cascade across the entire supply chain.
Organizations that work with contract manufacturers should urgently review their data-sharing agreements, assess what proprietary information partners can access, and ensure that third-party security standards meet internal requirements. As ransomware gangs increasingly target high-value supply chain intermediaries, the weakest security link may no longer be internal — it may be a trusted partner.
Investigations are ongoing. Security teams at partner organizations — particularly those whose network topology data may have been exposed — should conduct thorough reviews of their infrastructure and consider defensive posture changes in light of this significant breach.