Costa Solutions, LLC

Attack Summary

[warehouse] Costa Solutions, LLC — a privately held managed-labor and warehousing company headquartered in San Antonio, Texas, with ~$140M annual revenue and 200–1,000 employees. The file server contained the complete operational, financial, legal, and human resources infrastructure of the company: 3,000–8,000+ individuals' personal data — current employees, former employees (12 years of records), independent contractors, employee dependents, and job applicants. SSNs on W-2s, W-4s, 1099s, I-9s, background checks. Bank account and routing numbers on 200+ direct deposit forms. Medical and injury records — 150+ employee injury/medical files from 2013–2026, FMLA medical certifications, drug test results (random, reasonable suspicion, post-incident, promotional), and workers' compensation claims for 23+ named individuals. CEO's entire file system — Josh Wean's Documents folder (5.3 GB) including P&L statements, a 17-subfolder "Confidential" directory, legal correspondence, strategic plans, a C-12 peer advisory group archive, and a $RECYCLE.BIN with 60+ deleted items. Client contracts and competitive intelligence — pricing, SLAs, and contract terms for HEB, CVS, Sysco, Amazon, McLane, Labatt, Valvoline. Competitor pricing intelligence. RFP bid documents with cost models. Active legal case files — litigation records (2021–2022), HR internal investigation notes (2018–2021), arbitration files, active investigations marked "DO NOT DELETE" — all subject to attorney-client privilege. Infrastructure secrets — an HEB production server TLS certificate, a Cisco AnyConnect VPN installer, and the CEO's Remote Desktop connection file. Corporate financials — multi-year budgets, valuation & sale documents (indicating possible M&A activity), PPP loan forgiveness records, Form 5500 ERISA filings, and annual reporting.