Ransomware victim disclosure
← All victimsNationsBuilders Insurance Services
Claimed by Aurora · listed 12 days ago
Status timeline
- ListedJun 22, 2026
- Data leakeddate unknown
At a glance
- Group
- Aurora
- Status
- Data leaked
- Sector
- Financial Services
- Listed on leak site
- Jun 22, 2026
About the victim
AI dossier — public-source company profileNationsBuilders Insurance Services (NBIS) is a US-based specialty managing general underwriter focused on crane & rigging, concrete-pumping, heavy-haul, and residential-builder insurance. Founded in Atlanta in 2001, the company was acquired by Align Financial / DUAL North America (part of Howden Group) in August 2021.
- Industry
- Specialty Insurance — Crane, Rigging, Concrete-Pumping & Construction
- Address
- Atlanta, Georgia, USA
- Employees
- 51-200
- Founded
- 2001
Attack summary
Severity: critical — Exfiltration confirmed across 2.7M+ files including claims, policies, HR, financial data, and customer information typical of an insurance underwriter. Data published with no ransom, indicating intentional disclosure. Scale and sensitivity of insurance operations data (PII at scale, policyholder details, claims history) meets critical threshold.Aurora claims to have exfiltrated 2,748,845 filetree entries across 24 shares including AIM, ImageRight, claims and policy-admin stores, HR, finance, IT systems, and decade-old M&A diligence materials. No ransom demand stated; data already published.
Data the group says was taken
AI dossier — extracted from the leak post- Claims administration records
- Policy administration data
- HR and personnel files
- Financial records
- IT systems and configurations
- M&A diligence documents (10+ years)
- AIM system data
- ImageRight repository
What the group claims
[insurance] *** (NBIS) is the premier US underwriter of crane & rigging, concrete-pumping, heavy-haul, and residential-builder insurance — a specialty managing general underwriter founded in Atlanta in 2001, acquired by Align Financial / DUAL North America (Howden Group) in August 2021. 2,748,845 filetree entries across 24 shares (AIM, IMAGERIGHT, the claims and policy-admin stores, HR, finance, IT, and a decade of M&A diligence rooms).
Sources
Source
Indexed 12 days agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

