Ransomware Group aurora Hits: Avanti Windows and Doors

12 May 2026

In the latest cybersecurity news, Avanti Windows & Doors — a company operating in the US — has fallen victim to a ransomware attack conducted by the group aurora. This data breach, discovered on 2026-05-12T11:20:59.313304+00:00, underscores the increasing need for proactive cybersecurity defenses as we continue through 2025.

In response to increasing cyber threats, it’s critical to protect your organization with proactive security measures. HookPhish provides enterprise-grade solutions designed to reduce your risk of future attacks:

Phishing Simulation – Test and improve employee readiness with realistic, controlled phishing campaigns.
Cybersecurity Awareness Training – Educate your team to recognize and respond to common attack tactics.
Data Breach Monitoring – Get real-time alerts if your organization’s data appears in public or dark web breaches.
Phishing Detection and Response – Detect, investigate, and neutralize phishing threats before they cause damage.

Protect your organization before it becomes the next headline. Explore HookPhish.

Incident Report

Attribute	Information
Target Organization	Avanti Windows & Doors
Threat Group	aurora
Summary	Avanti Windows & Doors — a vinyl window manufacturer headquartered in El Mirage, Arizona, with regional offices across Nevada, Texas, California, and Florida. The exposed material includes: Plaintext SQL Server SA (system administrator) credentials — the master key to the FeneVision ERP database containing every customer order, every price, every financial record the company has ever processed. Employee SSNs, W-4s, I-9s, and E-Verify data — the complete identity package for the entire workforce, from new-hire packets through payroll records spanning 2014–2016+. 1099-MISC/INT forms — SSNs/EINs and payment amounts for 50–200+ contractors and vendors across two tax years. Direct deposit authorizations — bank account and routing numbers for employees who enrolled in ACH payroll. 24+ months of Chase bank statements and 28 months of AMEX corporate card statements — full account numbers, transaction details, and spending patterns. The complete proprietary pricing algorithm — source code for the FastAPI backend that determines window pricing for every builder contract, plus 41+ builder Master Service Agreements with exact pricing terms. CPA-reviewed financial statements, partnership returns, K-1s, and budget forecasts — the company’s full financial anatomy, from cost structure to profit allocation. OSHA 300 logs, workers’ compensation audit files, and UHC health insurance invoices — employee medical and injury data, names of injured workers, treatment details. Attorney-client privileged ADOSH settlement correspondence — OSHA settlement negotiations between outside counsel and the CEO. ~80 Windows roaming profiles — employee desktops, documents, AppData, Outlook .ost/.pst files, browser caches, and cached credentials.
Date of Breach	2026-05-12T00:00:00+00:00
Discovery Date	2026-05-12T11:20:59.313304+00:00
Region	US
Target Domain	Avanti Windows & Doors
Business Sector	Manufacturing

Don’t wait for a breach to take action — stay informed and take control of your cybersecurity posture today.

You can also check if your organization’s data has been exposed using our free Data Breach Checker.

Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.