Ransomware Group aurora Hits: Costa Solutions, LLC


In the latest cybersecurity news, Costa Solutions, LLC — a company operating in the US — has fallen victim to a ransomware attack conducted by the group aurora. This data breach, discovered on 2026-04-29T21:35:01.143814+00:00, underscores the increasing need for proactive cybersecurity defenses as we continue through 2025.


Incident Report

Attribute: Information
Target Organization: Costa Solutions, LLC
Threat Group: aurora
Summary: [warehouse] Costa Solutions, LLC — a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, with ~$140M annual revenue and 200–1,000 employees.

The file server contained the complete operational, financial, legal, and human resources infrastructure of the company:

3,000–8,000+ individuals’ personal data — current employees, former employees (12 years of records), independent contractors, employee dependents, and job applicants. SSNs on W-2s, W-4s, 1099s, I-9s, background checks. Bank account and routing numbers on 200+ direct deposit forms.
Medical and injury records — 150+ employee injury/medical files from 2013–2026, FMLA medical certifications, drug test results (random, reasonable suspicion, post-incident, promotional), and workers’ compensation claims for 23+ named individuals.
CEO’s entire file system — Josh Wean’s Documents folder (5.3 GB) including P&L statements, a 17-subfolder “Confidential” directory, legal correspondence, strategic plans, a C-12 peer advisory group archive, and a $RECYCLE.BIN with 60+ deleted items.
Client contracts and competitive intelligence — pricing, SLAs, and contract terms for HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline. Competitor pricing intelligence. RFP bid documents with cost models.
Active legal case files — litigation records (2021–2022), HR internal investigation notes (2018–2021), arbitration files, active investigations marked “DO NOT DELETE” — all subject to attorney-client privilege.
Infrastructure secrets — an HEB production server TLS certificate, a Cisco AnyConnect VPN installer, and the CEO’s Remote Desktop connection file.
Corporate financials — multi-year budgets, valuation & sale documents (indicating possible M&A activity), PPP loan forgiveness records, Form 5500 ERISA filings, and annual reporting.

Date of Breach: 2026-04-29T00:00:00+00:00
Discovery Date: 2026-04-29T21:35:01.143814+00:00
Region: US
Target Domain: costasolutions.com
Business Sector: Business Services

 


Disclaimer: HookPhish does not engage in the exfiltration, downloading, taking, hosting, viewing, reposting, or disclosure of any stolen information. All breach data reported here is sourced from publicly available threat intelligence feeds for awareness purposes only.
