Ransomware victim disclosure

Startec Group of Companies

Claimed by aurora · listed 9 days ago

Age

since listed · data leaked

Status timeline

Listed
May 12, 2026
Data leaked

At a glance

Group: aurora
Status: Data leaked
Country: PH
Sector: Business Services
Listed on leak site: May 12, 2026

About the victim

AI dossier — public-source company profile

Startec Group of Companies is a privately held Calgary-based industrial original equipment manufacturer founded in 1976 by Joe Cawthorn. The company designs, fabricates, installs, and services compression, process, and refrigeration systems for oil-and-gas operators and the energy-transition sector, including RNG, hydrogen, CO2 sequestration, and flare-gas capture. It employs approximately 270 people and exports roughly 80% of its output to US customers including Pembina, ARC Resources, SemCAMS, Cenovus, and Shell.

Industry: Industrial OEM — Oil & Gas Compression, Process & Refrigeration Systems
Address: Calgary, Alberta, Canada
Employees: 270
Founded: 1976

Attack summary

Severity: critical — The disclosed data includes regulated PII at scale (SINs, banking/EFT data, passport scans for 600+ individuals), privileged legal communications, cryptographic private keys enabling infrastructure compromise, family financial records, and sensitive customer engineering IP — representing a near-total corporate and personal data breach across multiple regulated categories.

The Aurora ransomware group claims to have exfiltrated a broad corpus of highly sensitive corporate data from Startec Group of Companies, with data now published. The exposed material allegedly includes 25 years of payroll records with SIN data for 600+ employees, passport scans, TLS and CA private keys, cyber-insurance documents, privileged litigation files, board-level financial records including family trust and QuickBooks data, customer engineering libraries, Outlook PST mailboxes, and physical security credentials.

critical

Data the group says was taken

AI dossier — extracted from the leak post

25 years of payroll records (2001–2026)
SIN verification register (~600+ employees)
ADP payroll exports
T4/ROE/T2200 tax forms
Banking and EFT direct-deposit data
18+ named passport scans
Pakistan applicant passport and resume pool (~20+)
Wildcard TLS private keys for *.startec.ca
Internal Active Directory CA private key
Cyber-insurance policy (BZA2151)
Statement of Values and Business Interruption submission to Zurich
25+ customer engineering libraries (process specs, as-built drawings, sizing calculations)
Shell Caroline and Shell Saturn privileged litigation files (~665 MB)
12 fiscal years of board packs including in-camera sessions
2020 Valuation Report
Family-trust T3 tax returns
Succession-planning documents
Cawthorn family QuickBooks files (.QBW)
11 Outlook PST mailboxes
Physical security access codes (CCTV, alarm, door keys)

What the group claims

Startec Group of Companies, a privately held Calgary-based industrial OEM founded in 1976 by Joe Cawthorn. Startec designs, fabricates, installs, and services compression, process, and refrigeration systems for oil-and-gas operators and the energy-transition sector (RNG, hydrogen, CO&sub2; sequestration, flare-gas capture). The company employs ~270 people and exports ~80% of its cleantech output to US customers including Pembina, ARC Resources, SemCAMS, Cenovus, and Shell. The exposed material spans the entire corporate knowledge base: 25 years of payroll (2001–2026) including a master SIN VERIFICATION.xlsx register, ADP exports, T4/ROE/T2200 forms, banking/EFT direct-deposit data for ~600+ current and former employees 18+ named passport scans plus a Pakistan resume-and-passport applicant pool (~20+) Wildcard TLS private keys for *.startec.ca (2022–2027 series) and the suspected Active-Directory-integrated internal CA private key The cyber-insurance policy (BZA2151) and the Nov 2025 Statement of Values & Business-Interruption submission to Zurich ~25+ named customer engineering libraries (Pembina, ARC, SemCAMS, Cenovus, Shell Scotford) with process specs, as-built drawings, and sizing calculations Shell Caroline + Shell Saturn dispute-counsel files (~665 MB of privileged litigation material) 12 fiscal years of board packs including “in camera” sessions, the 2020 Valuation Report, family-trust T3 returns, and succession-planning documents Cawthorn family QuickBooks files (live .QBW — full chart of accounts, general ledger, every transaction) 11 Outlook PST mailboxes (several multi-GB — named ex-employees' complete email history) Physical-security access codes (CCTV passwords, Telsco alarm chart, all-doors key record)

Sources

Victim siteStartec Group of Companies
Leak posthttp://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/startec-814f7846

Source

Indexed 9 days ago

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.

Disclosure context

About aurora

Timeline of this disclosure

Other recent disclosures by aurora

Sector and geography