WorldLeaks, the data extortion operation that emerged when Hunters International abandoned file-encrypting ransomware for pure data theft, posted claims against three organizations in a 24-hour window: Tata Electronics, an Indian manufacturer that produces components for Apple iPhones; First Federal Savings & Loan, a US community bank; and Reliance Group, described on the extortion site as a large Indian conglomerate headquartered in Mumbai.
The most consequential claim targets Tata Electronics — a distinct entity from Tata Technologies, which the same threat actor group previously breached — and places the Apple iPhone manufacturing supply chain at the center of a data extortion dispute.
Tata Electronics’ Role in Apple’s iPhone Manufacturing Supply Chain
Tata Electronics is an Indian manufacturing subsidiary of the Tata Group that produces precision-engineered electronics components, including parts used in Apple iPhones. The company is not the same as Tata Technologies, a different Tata subsidiary that Hunters International targeted in a prior breach that produced a 1.4 TB data leak. The WorldLeaks claim is against the manufacturing arm — the entity directly involved in producing hardware components for one of the world’s highest-volume consumer electronics supply chains.
The category of data a contract electronics manufacturer holds differs from a corporate services firm breach. Manufacturing specifications, quality control records, supplier agreements, and production parameters represent the operational and intellectual core of a component manufacturer’s business. In an Apple supply chain context, that data may include production details and engineering specifications with value beyond financial extortion — including to competitors or state-sponsored actors with industrial intelligence objectives.
WorldLeaks, Hunters International, and the Pattern of Targeting Tata Group Subsidiaries
WorldLeaks is a direct operational successor to Hunters International, which rebranded in January 2025 and shifted from ransomware encryption to a model based entirely on stealing data and threatening to publish it. The group has claimed over 142 victims total across both operating identities. Prior Hunters International targets included multiple healthcare organizations and Tata Technologies in a 2024–2025 campaign that resulted in the exfiltration and threatened release of 1.4 TB of corporate data.
The new claim targets a different Tata subsidiary — one with a more direct role in hardware manufacturing for Apple’s supply chain — suggesting a continued pattern of targeting large Indian industrial groups rather than an incidental overlap. WorldLeaks does not encrypt files or disrupt operations; it exfiltrates data and presents victims with a choice between paying to suppress publication or having the stolen records released publicly.
First Federal Savings & Loan and the Reliance Group Claims
First Federal Savings & Loan, a US community bank, is one of three organizations named in the WorldLeaks wave. Community financial institutions represent a consistent target category for extortion operations: they hold customer account data, personal financial records, loan documentation, and other FDIC-regulated information, while typically operating with smaller security and incident response teams than major national banks. The initial WorldLeaks posting did not quantify the scope of data claimed from First Federal, and the bank had not publicly commented on the claim at the time of disclosure.
WorldLeaks’ Reliance Group Claim Remains Unconfirmed by the Organization
WorldLeaks posted a claim against Reliance Group, described on the extortion listing as a large Indian conglomerate headquartered in Mumbai. If confirmed as referring to Reliance Industries, the claim would represent one of the most significant data extortion incidents targeting India’s corporate sector. The claim has not been independently verified and had not been publicly acknowledged by any Reliance entity at the time of the WorldLeaks posting. Extortion site claims are unilateral statements by the threat actor about what the group says it has stolen; they are not confirmed breaches until the targeted organization acknowledges the incident or stolen data is independently substantiated. The Reliance Group claim warrants monitoring but should be treated as unverified until further information is available.
WorldLeaks’ Three-Victim Wave and the Continued Focus on Indian Industrial Targets
WorldLeaks operates exclusively through data theft and threatened publication — no encryption, no operational disruption. Victims either negotiate a payment to suppress the data or face public release. The group inherited the technical capabilities and victim-targeting workflows of Hunters International, which spent two years developing data staging and OSINT infrastructure before rebranding. The three-victim posting covering Tata Electronics, First Federal Savings & Loan, and Reliance Group reflects a targeting mix that spans Indian manufacturing, US community banking, and Indian conglomerates — a breadth consistent with WorldLeaks’ established pattern of mixing high-visibility corporate targets across geographies rather than concentrating on a single sector. The Tata Electronics claim, if verified, would mark the second major Indian technology and manufacturing company in the Tata Group to be claimed by the same threat actor lineage.
