MOUNT PLEASANT, Wisconsin — May 13, 2026 : Foxconn has confirmed that several of its North American manufacturing facilities were targeted in a cyberattack following claims by the Nitrogen ransomware group that it breached the company’s network and exfiltrated more than 8 terabytes of data.
The company acknowledged the incident in a statement issued on May 12, 2026, saying its cybersecurity team immediately activated internal response procedures to contain the breach and maintain manufacturing operations.
“The cybersecurity team immediately activated the response mechanism and implemented multiple operational measures to ensure the continuity of production and delivery. The affected factories are currently resuming normal production,” a Foxconn spokesperson stated.
U.S. Facilities Impacted
The cyberattack primarily affected Foxconn facilities in the United States, including the company’s manufacturing complex in Mount Pleasant, Wisconsin, and another operational site in Houston, Texas. The disruption reportedly began in early May and caused temporary outages across internal IT and network systems.
Employees at the Wisconsin facility reported Wi-Fi disruptions and interruptions to internal digital systems, forcing some staff to temporarily shift to manual paper-based processes. Some workers were also reportedly sent home during parts of the outage while systems were being restored.
Foxconn stated that despite the IT disruptions, production operations were not permanently halted. The company said affected factories are gradually returning to normal operational status, although it has not provided a timeline for full restoration of internal networks.
Nitrogen Claims Theft of 11 Million Files
The Nitrogen ransomware group claimed responsibility for the breach on May 11 after listing Foxconn on its dark web leak site. The group alleged it had stolen approximately 11 million files totaling more than 8TB of data from Foxconn’s network infrastructure.
According to the ransomware group, the stolen data includes confidential instructions, technical hardware drawings, internal project documentation, circuit board layouts, integrated circuit documentation, temperature sensor records, and financial files associated with the Houston facility.
Nitrogen also claimed the compromised files contained information connected to projects involving major technology companies including Apple, Intel, Google, Dell, Nvidia, and AMD.
Foxconn has not confirmed the authenticity or scope of the alleged stolen data and has not stated whether customer information was compromised.
Analysts Review Leaked Samples
Cybersecurity analysts reviewing sample files released by Nitrogen reported that some leaked documents appeared to include network topology maps linked to Google and Intel projects. Security researchers noted that such infrastructure maps could potentially expose operational architecture details that may be useful in identifying vulnerabilities within data center environments.
However, analysts examining the leaked material also stated that no critical Apple consumer product schematics or sensitive quality-control documentation appeared in the initial sample release. Researchers noted that Foxconn’s Mount Pleasant facility primarily manufactures televisions and data servers rather than Apple consumer devices.
Nitrogen Ransomware Group
Nitrogen emerged in 2023 as a ransomware-as-a-service (RaaS) operation using a double-extortion strategy in which attackers both encrypt corporate systems and threaten to publicly release stolen data.
Cybersecurity researchers monitoring the group recently identified a programming flaw affecting Nitrogen malware used against VMware ESXi environments. According to security analysts, the flaw can corrupt public encryption keys during the attack process, potentially making encrypted files unrecoverable even if victims obtain the group’s decryptor tool after paying a ransom.
Security firms have warned organizations that ransom payments may not successfully restore encrypted data in incidents involving the flawed malware variant.
Ongoing Response
Foxconn, one of the world’s largest electronics contract manufacturers, operates more than 230 factories across 24 countries, including facilities in Wisconsin, Ohio, Texas, Virginia, Indiana, and multiple locations in Mexico.
The company has not disclosed whether it has received a ransom demand or whether negotiations with the attackers are taking place. Foxconn stated that its current priority remains securing affected infrastructure, restoring full network stability, and ensuring continuity of production across its North American operations.
——— End of Article ———
