Ransomware victim disclosure
← All victimsNorthWest Handling Systems
Claimed by Aurora · listed 2 months ago
Status timeline
- ListedMay 12, 2026
- Data leakeddate unknown
At a glance
- Group
- Aurora
- Status
- Data leaked
- Country
- Canada
- Sector
- Transportation/Logistics
- Listed on leak site
- May 12, 2026
About the victim
AI dossier — public-source company profileNorthWest Handling Systems is a forklift and warehouse equipment company headquartered in Renton, Washington, with approximately 55 years of operating history and branch locations across Washington, Oregon, and Alaska. The company provides material-handling equipment sales, service, and related solutions to a range of commercial and government clients including USPS, Oregon DHS, public schools, Nike, Google, Costco, and Umpqua Bank. It operates as a government contractor on certified payroll projects in addition to its private-sector business.
- Industry
- Forklift & Warehouse Equipment Sales and Service
- Address
- Renton, Washington, USA (with branches across WA, OR, and AK)
- Founded
- 1969
Attack summary
Severity: critical — The published data includes plaintext credit card numbers, Social Security numbers, taxpayer IDs, government-contract payroll records (constituting regulated PII at scale), multi-year third-party credential sets enabling fraudulent access to Fortune 50 vendor systems, corporate banking credentials, and physical security layouts for ~50–200 named companies including Nike, Google, and Costco. This combination of regulated financial and personal data, third-party credential compromise, and sensitivThe Aurora ransomware group claims to have exfiltrated the entire corporate file share of NorthWest Handling Systems, comprising 337,000+ files dating back to 1988, and has published the data. The dump reportedly contains plaintext credit card numbers, Social Security numbers, taxpayer IDs, third-party vendor portal credentials, customer facility CAD drawings, corporate banking details, and employee personal and payroll records.
Data the group says was taken
AI dossier — extracted from the leak post- Plaintext credit card numbers (Excel spreadsheet)
- Social Security numbers (W-9 forms)
- Taxpayer IDs (certified payroll documents)
- Government contract payroll records (USPS, Oregon DHS, public schools)
- Target Corporation vendor portal credentials (plaintext, multi-year)
- Home Depot Maximo DC billing credentials (plaintext)
- Albertsons/Safeway Corrigo portal credentials (plaintext)
- Customer warehouse CAD files (facility layouts, security zones, fire-protection drawings)
- Fixed-asset inventory data (24,669 rows, ExportFile.csv)
- Corporate bank routing and account numbers (ACH authorization forms)
- Employee direct-deposit details
- Employee time cards
- Employee disciplinary records
- Accident reports
- Decades of invoices
What the group claims
[warehouse] NorthWest Handling Systems — a 55-year-old forklift and warehouse equipment company headquartered in Renton, Washington, with branches across WA, OR, and AK. The dump is the entire corporate file share going back to 1988. 337,000+ files spanning every branch, every department, every era of the company. It includes: Plaintext credit card numbers in an Excel spreadsheet literally titled “C.O.D. info (CREDIT CARD INFO).xlsx” — stored at the root of the file server, unencrypted, for years. Social Security numbers and Taxpayer IDs on W-9 forms and certified payroll documents for government-contract work (USPS, Oregon DHS, public schools). 3+ years of plaintext passwords for Target Corporation’s vendor portal (TARS), stored in Word documents titled “TARGET PASSWORD & SECURITY QUESTIONS.” Each password rotation was saved as a new file. Home Depot Maximo DC billing credentials — plaintext, in a Word document, enabling fraudulent invoicing against a Fortune 50 company. Albertsons/Safeway Corrigo facility-management portal credentials — again, plaintext in a .docx file. 33 GB of customer warehouse CAD files — facility layouts, equipment placement, security-zone dimensions, and fire-protection drawings for approximately 50–200 companies including Nike, Google, Costco, and Umpqua Bank. 24,669 rows of fixed-asset data in ExportFile.csv — the complete equipment inventory, revealing the company’s financial structure, depreciation schedules, and capital-investment history. Corporate bank routing and account numbers (ACH authorization forms), employee direct-deposit details, time cards, disciplinary records, accident reports, and decades of invoices.
Sources
Source
Indexed 2 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

