NorthWest Handling Systems

Group

aurora

Status

Data leaked

Country

CA

Sector

Transportation/Logistics

Listed on leak site

May 12, 2026

NorthWest Handling Systems is a forklift and warehouse equipment company headquartered in Renton, Washington, with approximately 55 years of operating history and branch locations across Washington, Oregon, and Alaska. The company provides material-handling equipment sales, service, and related solutions to a range of commercial and government clients including USPS, Oregon DHS, public schools, Nike, Google, Costco, and Umpqua Bank. It operates as a government contractor on certified payroll projects in addition to its private-sector business.

The Aurora ransomware group claims to have exfiltrated the entire corporate file share of NorthWest Handling Systems, comprising 337,000+ files dating back to 1988, and has published the data. The dump reportedly contains plaintext credit card numbers, Social Security numbers, taxpayer IDs, third-party vendor portal credentials, customer facility CAD drawings, corporate banking details, and employee personal and payroll records.

• Plaintext credit card numbers (Excel spreadsheet)
• Social Security numbers (W-9 forms)
• Taxpayer IDs (certified payroll documents)
• Government contract payroll records (USPS, Oregon DHS, public schools)
• Target Corporation vendor portal credentials (plaintext, multi-year)
• Home Depot Maximo DC billing credentials (plaintext)
• Albertsons/Safeway Corrigo portal credentials (plaintext)
• Customer warehouse CAD files (facility layouts, security zones, fire-protection drawings)
• Fixed-asset inventory data (24,669 rows, ExportFile.csv)
• Corporate bank routing and account numbers (ACH authorization forms)
• Employee direct-deposit details
• Employee time cards
• Employee disciplinary records
• Accident reports
• Decades of invoices

[warehouse] NorthWest Handling Systems — a 55-year-old forklift and warehouse equipment company headquartered in Renton, Washington, with branches across WA, OR, and AK. The dump is the entire corporate file share going back to 1988. 337,000+ files spanning every branch, every department, every era of the company. It includes: Plaintext credit card numbers in an Excel spreadsheet literally titled “C.O.D. info (CREDIT CARD INFO).xlsx” — stored at the root of the file server, unencrypted, for years. Social Security numbers and Taxpayer IDs on W-9 forms and certified payroll documents for government-contract work (USPS, Oregon DHS, public schools). 3+ years of plaintext passwords for Target Corporation’s vendor portal (TARS), stored in Word documents titled “TARGET PASSWORD & SECURITY QUESTIONS.” Each password rotation was saved as a new file. Home Depot Maximo DC billing credentials — plaintext, in a Word document, enabling fraudulent invoicing against a Fortune 50 company. Albertsons/Safeway Corrigo facility-management portal credentials — again, plaintext in a .docx file. 33 GB of customer warehouse CAD files — facility layouts, equipment placement, security-zone dimensions, and fire-protection drawings for approximately 50–200 companies including Nike, Google, Costco, and Umpqua Bank. 24,669 rows of fixed-asset data in ExportFile.csv — the complete equipment inventory, revealing the company’s financial structure, depreciation schedules, and capital-investment history. Corporate bank routing and account numbers (ACH authorization forms), employee direct-deposit details, time cards, disciplinary records, accident reports, and decades of invoices.

• Victim siteNorthWest Handling Systems
• Leak posthttp://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/worf-626327a9

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.