Costa Solutions, LLC

Group

aurora

Status

Data leaked

Country

US

Sector

Business Services

Listed on leak site

Apr 29, 2026

Costa Solutions, LLC is a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, operating across multiple Texas markets including Houston, Dallas-Ft. Worth, and Austin. The company provides 24/7 inbound/outbound unloading, warehouse support, and production support services to clients in food & grocery, retail, automotive, and other sectors. It reports approximately $140M in annual revenue and serves major clients including HEB, CVS, Sysco, Amazon, and McLane.

The Aurora ransomware group claims to have exfiltrated the complete contents of Costa Solutions' file server, encompassing operational, financial, legal, and HR data including PII and regulated records for 3,000–8,000+ individuals; data has been published with no ransom stated.

• SSNs from W-2, W-4, 1099, and I-9 forms
• Bank account and routing numbers (200+ direct deposit forms)
• Employee medical and injury records (150+ files, 2013–2026)
• FMLA medical certifications
• Drug test results
• Workers' compensation claims
• Background check records
• CEO's personal documents folder (5.3 GB)
• P&L statements
• Client contracts and SLAs (HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline)
• Competitor pricing intelligence
• RFP bid documents with cost models
• Active litigation and arbitration files
• HR internal investigation notes
• Attorney-client privileged correspondence
• Multi-year corporate budgets
• Valuation and M&A documents
• PPP loan forgiveness records
• Form 5500 ERISA filings
• TLS certificate for HEB production server
• VPN and Remote Desktop configuration files
• 12 years of former employee records
• Independent contractor and dependent PII
• Job applicant records

[warehouse] Costa Solutions, LLC — a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, with ~$140M annual revenue and 200–1,000 employees. The file server contained the complete operational, financial, legal, and human resources infrastructure of the company: 3,000–8,000+ individuals' personal data — current employees, former employees (12 years of records), independent contractors, employee dependents, and job applicants. SSNs on W-2s, W-4s, 1099s, I-9s, background checks. Bank account and routing numbers on 200+ direct deposit forms. Medical and injury records — 150+ employee injury/medical files from 2013–2026, FMLA medical certifications, drug test results (random, reasonable suspicion, post-incident, promotional), and workers' compensation claims for 23+ named individuals. CEO's entire file system — Josh Wean's Documents folder (5.3 GB) including P&L statements, a 17-subfolder "Confidential" directory, legal correspondence, strategic plans, a C-12 peer advisory group archive, and a $RECYCLE.BIN with 60+ deleted items. Client contracts and competitive intelligence — pricing, SLAs, and contract terms for HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline. Competitor pricing intelligence. RFP bid documents with cost models. Active legal case files — litigation records (2021–2022), HR internal investigation notes (2018–2021), arbitration files, active investigations marked "DO NOT DELETE" — all subject to attorney-client privilege. Infrastructure secrets — an HEB production server TLS certificate, a Cisco AnyConnect VPN installer, and the CEO's Remote Desktop connection file. Corporate financials — multi-year budgets, valuation & sale documents (indicating possible M&A activity), PPP loan forgiveness records, Form 5500 ERISA filings, and annual reporting.

• Victim sitecostasolutions.com
• Leak posthttp://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/costa-solutions-llc-a59652d6

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.