| 2026-04-29 18:16:08.662850 |
Costa Solutions, LLC |
aurora |
Costa Solutions, LLC — a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, with ~$140M annual revenue and 200–1,000 employees.
The file server contained the complete operational, financial, legal, and human resources infrastructure of the company:
3,000–8,000+ individuals' personal data — current employees, former employees (12 years of records), independent contractors, employee dependents, and job applicants. SSNs on W-2s, W-4s, 1099s, I-9s, background checks. Bank account and routing numbers on 200+ direct deposit forms.
Medical and injury records — 150+ employee injury/medical files from 2013–2026, FMLA medical certifications, drug test results (random, reasonable suspicion, post-incident, promotional), and workers' compensation claims for 23+ named individuals.
CEO's entire file system — Josh Wean's Documents folder (5.3 GB) including P&L statements, a 17-subfolder "Confidential" directory, legal correspondence, strategic plans, a C-12 peer advisory group archive, and a $RECYCLE.BIN with 60+ deleted items.
Client contracts and competitive intelligence — pricing, SLAs, and contract terms for HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline. Competitor pricing intelligence. RFP bid documents with cost models.
Active legal case files — litigation records (2021–2022), HR internal investigation notes (2018–2021), arbitration files, active investigations marked "DO NOT DELETE" — all subject to attorney-client privilege.
Infrastructure secrets — an HEB production server TLS certificate, a Cisco AnyConnect VPN installer, and the CEO's Remote Desktop connection file.
Corporate financials — multi-year budgets, valuation & sale documents (indicating possible M&A activity), PPP loan forgiveness records, Form 5500 ERISA filings, and annual reporting. |
Link |
| 2026-04-29 18:16:05.890229 |
Bayou Title, Inc. |
aurora |
Bayou Title, Inc. — the largest title insurance agent and closing/settlement services provider in Louisiana, with 19 full-service locations statewide.
The exfiltrated data spans 20+ years of operations (2004–2026) and includes:
70,000–100,000+ Social Security numbers paired with names, addresses, and sale proceeds from 1099-S real-estate closing worksheets covering all 19 offices across three tax years (2018–2020), plus W-2 and 1099-MISC filings.
Complete employee payroll databases — 10+ instances of Sage 50 EMPLOYEE.DAT files containing SSNs, bank account numbers, routing numbers, pay rates, tax withholding, and direct deposit details for current and former employees.
103 GB of title abstracts — ~34,000+ PDFs documenting ownership chains, liens, and mortgages for properties across Louisiana.
44 GB of GreenFolders DMS transaction packages (2012, 2013, 2019) — complete closing file archives containing HUD-1 settlement statements, identity verification documents, SSN cards, and tax records. Filenames contain encoded tags (ssn, hud, soc, tax).
Plaintext credentials for government portals — a file literally named Lafayette Assessors lcmenard Password4321.url, plus a PDF containing Orleans Parish system login credentials.
Attorney-client privileged documents — wills, attorney engagement letters, and legal opinions prepared by licensed Louisiana attorneys. |
Link |
| 2026-04-29 18:10:17.280096 |
Color Communications LLC |
secp0 |
The exposed dataset includes over 200,000 unique files containing sensitive information on more than 4,500 individuals and over 5,500 organizations... Open post |
Link |
| 2026-04-29 18:09:54.959058 |
Advanta Genetics LLC |
aurora |
Advanta Genetics LLC — a respected CLIA/CAP-accredited clinical toxicology and molecular diagnostics laborator. The exposed material includes: Tens of thousands of real patient lives — including highly sensitive chronic opioid therapy charts flagged by the Texas Medical Board and elderly Medicare audit records. Provider identities and prescribing power — SSNs, DEA numbers, and state licenses from 20+ states that can be turned into black-market "script pads". Gold-standard identity theft kits — W-2s, I-9s with passport scans, and full employee packages for 50+ staff. 102 complete QuickBooks company files exposing every vendor, payroll run, bank link, and financial secret across the Advanta/RedLeaf/OSPRI empire. High-value trade secrets — OSPRI Biopath investment decks, valuation models, FDA pre-submission packets, and the proprietary "The Brain" AI diagnostic architecture. Explosive privileged attorney-client memos on active regulatory battles (Texas Medical Board Remedial Plan #19-153 and a federal NORA subpoena). Active Directory domain controller data (NTDS.dit and SAM hives). |
Link |
| 2026-04-29 18:09:54.047828 |
Baresque Group |
aurora |
Baresque Group — a respected commercial-interiors company headquartered in Perth, Australia, with offices in Dallas, Chicago, and Brussels.
The exposed material includes:
100+ passport scans, 35 birth certificates, 60+ driver's licences, 50+ TFN declarations — the complete identity-theft toolkit for the entire workforce, spanning Australia, the US, and Europe.
Plaintext credentials for every critical system — Microsoft 365, HR platform (Elmo Talent), remote-access gateway (LogMeIn), phone system (3CX), ERP (Jim2) — all in browser-export CSVs and an enterprise-wide Password_Listing.xls that had been sitting on a shared drive since at least 2017.
4 TLS private keys for customer-facing domains — enabling impersonation of the company's websites.
343 GB of product R&D — SolidWorks CAD files, manufacturing specifications, and product blueprints for Zintra acoustic panels, FUNC furniture, botton+gardiner wallcoverings, and Scribblr surfaces. The complete design library.
Two years of board packs, financial reports, and cash-flow models — the company's entire strategic and financial position laid bare.
Privileged legal documents — active subpoena files, sworn affidavit exhibits, Fair Work Australia tribunal filings, and settlement agreements with confidentiality clauses.
Workers compensation medical records naming specific employees with diagnoses, treatment plans, and claim amounts. |
Link |
| 2026-04-29 18:09:53.129971 |
Cheval Blanc Randheli |
aurora |
Guest Passport Scans — 75,855 Files, 10 Years
The single largest data category: 75,855 passport scan images spanning January 2015 through October 2024, organised in daily folders within monthly and yearly directories. These represent an estimated 20,000–30,000 unique guests. Each scan contains the full passport bio page: photo, full name, date of birth, nationality, passport number, machine-readable zone (MRZ), and signature.
Among the exposed passports:
Qatar Royal Family members — 9 passport scans including Muhammad Mesned S M Al-Misned, Abdulla, Khalifa, Lolwa, Nasser, Alanoud, Bessy, and Mesned
UAE VIP and government officials — including H.E. Ahmed Saif Ali Aldhabea Aldarmaki, H.E. Matar Suhail Ali Alyabhouni Aldhaheri, and members of an April 2024 private buyout group who arrived on private jets (tail numbers A6AUH, A6DAH)
LVMH head-office executives — 7 passport/profile photos including named senior staff from Paris
Guest PMS Data — 30,000–50,000 Profiles
Opera PMS exports containing full names, home addresses (street-level), nationalities, VIP classification levels (A/B/C/G), partial credit card data (last-4 digits + expiry + card type), deposit amounts, booking confirmation numbers, stay histories, travel agent details, flight numbers, and guest preferences.
Employee Records — 1,000–2,000 Individuals
Ten years of salary records (2017–2026), medical insurance claims organised by department, ~200 ECARD ID photos, vacation/leave records, Key Management Personnel (KMP) compensation details, and biometric enrollment data from the Gladis facility-access system.
Credentials and Infrastructure
BitLocker recovery key — full disk-encryption key for the Windows server volume
Passwords.docx — plaintext system password store covering revenue, PMS, and operational systems
Extranet passwords — booking-portal and vendor credentials
3CX VoIP backup — SIP credentials, extension configurations, call routing rules
Biometric templates (Gladis enrollment) — non-rotateable fingerprint/facial data
Corporate-Sensitive Documents
Management Contract of Cheval Blanc Randheli — the LVMH–property owner agreement containing fee structures, performance benchmarks, and brand license terms
Board investment recommendation for Velidhoo — a potential new property with capital allocation and return projections
10 years of budgets and revenue forecasts
Audited subsidiary financial statements (I&T / Sitax entities)
White Book — the property's operational standards manual (proprietary LVMH brand IP)
Building Management System data — HVAC, power, desalination, and lighting control files for island infrastructure |
Link |
| 2026-04-29 18:09:52.207134 |
Law Offices of Michael A. Freedman, P.A. (maflaw.com) |
aurora |
Law Offices of Michael A. Freedman, P.A. (maflaw.com). The exfiltrated corpus is 579 GB used / 143 GB at root level / 196,701 files / 19,231 directories, dated as recently as a year-2026-in-progress client matter.
What this means for a plaintiffs' PI firm of ~25 staff:
656 client-matter folders organised across eight yearly parents from June 2019 through 2026-in-progress. Per-client medical records, HIPAA authorisations, police reports, settlement releases, IOLTA distribution sheets, retainer agreements, and treating-provider correspondence.
Two staff Outlook archives at 2.1 GB each, plus a 505 MB Outlook backup, plus 27 enumerated .pst files — years of attorney–client privileged correspondence, settlement strategy, opposing-counsel comms.
The complete Sage ACT. Pro v18 contact universe — the live database plus eight historical ZIP backups going back to 2013 plus a 9.3 MB plaintext export (ACT!-Contacts.txt) that any text editor can open. Estimated 5,000–12,000 contacts.
The firm's master credential vault in a Word document called Woodywoody78!.docx (the filename is itself the vault password). Plaintext credentials for M&T Bank multi-identity business + commercial accounts (with electronic-payment-approval authority), Bank of America, Paychex, QuickBooks, and the firm's federal EIN. Plus the senior partner's phone-unlock PIN.
A staff browser-exported password CSV (32 plaintext credentials) including the M365 tenant, the Slack tenant, hospital portals (MedStar, GBMC, Allstate secure mail), MoveDocs, ChartRequest, MSHC Legal portal — plus residual credentials from prior employers SLF Law and Bailey Law, creating cross-firm contamination liability.
The Universal Licensing / Freedman Consulting invention-promotion operation — a second line of business under the same EIN, with hundreds of inventor folders. Per-inventor unpublished invention disclosures, “Internet Presentation of Invention” decks, NDAs, Exclusive Patent License Agreement drafts, patent-art renderings, and per-managed-mailbox client-company passwords.
A criminal-defense sub-practice (“SLF criminal” out of Janice's working folder) with retainer agreements and per-client court documents, carrying 6th-Amendment-attorney–client uplift on the privileged-track scoring.
An Axon evidence.com MPIA-released body-worn-camera package (449 MB total; a 448 MB clip from the 2020-12-20 Park Baltimore incident). |
Link |
| 2026-04-29 18:09:51.220746 |
Atlas Metal Industries Inc |
aurora |
Atlas Metal Industries Inc. — a privately held commercial-foodservice-equipment manufacturer headquartered in Miami, Florida.
The dataset is a complete Microsoft Dynamics GP environment: production databases, payroll records, system credentials, Autodesk Vault product-design backups, CNC fabrication programs, and all supporting infrastructure configuration. The exfiltration occurred on or about April 8, 2026; the attack was identified April 22, 2026.
The exposed material includes:
15.8 GB of payroll-records database (PYREC) — full Employee Master with SSNs, DOBs, addresses, direct-deposit bank routing numbers, salary, W-4 tax data, garnishments, and check history dating to at least 2018.
30+ SQL Server login accounts with password hashes in a sp_help_revlogin dump — named employees, system admins (DYNSA, sa), service accounts, and Active Directory domain accounts.
74 GB of Autodesk Vault Professional backup — complete product-design history from 2019 through 2026, covering every product line Atlas Metal manufactures.
Hundreds of CNC fabrication programs — laser-cutter and Amada punch-press G-code for the full catalogue of sheet-metal components.
A base64-encoded SQL credential for the TimeClock Plus timekeeping system, stored in plaintext XML.
8 SQL Server databases with full backup chains — ATLAS (primary), PYREC (payroll), DYNAMICS (system), TEST (18 GB dev clone), TWO, AMIT, plus system databases (master, msdb, DynamicsGPSecurity). |
Link |
| 2026-04-29 16:57:19.403507 |
Winona County |
interlock |
https://www.winonacounty.gov/
Winona County is located in the Mississippi River blufflands of southeastern Minnesota. They have been negligent regarding security and the data they store, which has resulted in a breach and the public disclosure of all the confidential data they held. As a result, we are now able to offer you a large database containing resident records, tax and budget documents, police records, and data from other institutions. |
Link |
| 2026-04-29 14:55:59.282601 |
Shenzhen Gongjin Electronics |
blackwater |
Shenzhen Gongjin Electronics, founded in 1998 and also known as T&W, is a telecommunications manufacturing company specializing in broadband communication technology. |
Link |
| 2026-04-29 12:57:27.715331 |
Nordstern Technologies |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:26.251119 |
ParkEngage |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:25.149878 |
Saleskido |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:24.168161 |
Interzero |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:23.212453 |
IMEVI |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:22.273235 |
Rotary Club |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:21.277756 |
JOT |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:20.160299 |
BookBlock |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:19.173369 |
Crank Communications |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:17.854340 |
CrediElite |
fulcrumsec |
|
Link |
| 2026-04-29 12:57:16.684769 |
Fashinza |
fulcrumsec |
|
Link |
| 2026-04-29 12:38:44.821390 |
planetsport.ma |
lockbit5 |
Planet Sport is your go-to online store for sports gear in Morocco. They help athletes and fitness f... |
Link |
| 2026-04-29 12:38:43.841410 |
pricon.com.ph |
lockbit5 |
Pricon Microelectronics, Inc. (PMI) is an Original Equipment Manufacturer (OEM) and a subsidiary of... |
Link |
| 2026-04-29 12:38:42.888844 |
instapack.es |
lockbit5 |
Instapack is a professional courier service with over 30 years of experience, offering immediate del... |
Link |
| 2026-04-29 12:38:41.866794 |
stllc.org |
lockbit5 |
Welcome to St. Luke Lutheran Community
St. Luke Lutheran Community is a not-for-profit, continuing... |
Link |
| 2026-04-29 11:42:27.103133 |
Avnet |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:26.135391 |
Raptor Supplies |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:25.163004 |
Lena Health |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:24.189205 |
Woundtech |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:23.237371 |
youX / Drive IQ |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:22.300853 |
LexisNexis |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:21.336185 |
MCO |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:20.428734 |
ReFocus AI |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:19.473656 |
Hatica |
fulcrumsec |
|
Link |
| 2026-04-29 11:42:18.496552 |
Analog Gold / Prospector |
fulcrumsec |
|
Link |
| 2026-04-29 04:55:16.519050 |
https://www.fulcrumre.com/ |
inc ransom |
|
Link |
| 2026-04-29 03:56:18.464262 |
Mediaworks Kft |
worldleaks |
|
Link |
| 2026-04-29 02:56:28.805040 |
nbd3pl.com |
inc ransom |
|
Link |
| 2026-04-29 01:56:45.755157 |
boxtopia.co.uk |
m3rx |
+44 1476576090 . Boxtopia is the UK's leading supplier of custom cardboard boxes and printed boxes, specializing in short runs for small businesses with no minimum order. Stolen: 166gb 280k files |
Link |
| 2026-04-29 01:56:30.334513 |
Indonesia's Customs Analytics Platform |
everest |
|
Link |
| 2026-04-28 23:57:08.655516 |
osoftec.com |
m3rx |
+91 9717385459 . Optimization Software Technologies, LLP. is an advanced technology solutions development company that focuses on improving operational efficiency and profitability for its clients Stolen: 222gb 113k files |
Link |
| 2026-04-28 23:56:50.593916 |
cadencepetroleum.com |
chaos |
Company management has 48 hours to reach an agreement with us. If no agreement is reached, the files—totaling 400 GB—will be published.
Our objective is to provide our customers with the best products and services. Cadence Petroleum and our suppliers stand behind the products we offer. Regardle… |
Link |
| 2026-04-28 21:59:21.001513 |
Nephrology Associates |
insomnia |
Nephrology Associates, PA is a leading central Arkansas nephrology practice with seven highly trained physicians across seven locations. They provide compassionate kidney care, accept all insurances, and aim to create a welcoming environment for patients. |
Link |
| 2026-04-28 19:54:45.801017 |
Basch & Keegan |
qilin |
Law Firms & Legal Services |
Link |
| 2026-04-28 19:54:44.792309 |
Silicon Alley |
qilin |
Office Products Retail & Distribution |
Link |
| 2026-04-28 19:54:43.605340 |
KarmaData |
qilin |
Business Services |
Link |