Kochs GmbH

Attack Summary

[manufacturer] *** — a family-owned German manufacturer of windows, doors, and aluminium façade systems headquartered in Herzogenrath, Nordrhein-Westfalen, with ~240 employees across Germany, the Netherlands, and Hungary. The exposed material includes: 22 GB of payroll database backups (7 MSSQL .bak files, 2016–2023) — every employee's salary, bank IBAN, tax class, social insurance number, pension contributions, and wage garnishments. 2.3 GB of DATEV payroll records (through May 2026) — individual named salary documents, garnishment data, company car records for all three entities. 7 Active Directory passwords in plaintext batch scripts — including both Managing Directors, with one MD's credentials spanning three separate AD domains. 28+ proprietary application source code repositories — WinPro ERP, Apertum CRM, MES integrations, production viewers, time-tracking, and rack-management systems. Each one hardcodes its database credentials. SSL/TLS private keys for kochs.de (2021–2026) — enabling domain impersonation and man-in-the-middle attacks. 77 VPN pre-shared keys from the LANCOM gateway configuration — the complete remote-access roster since 2018. Managing Director's MRI and X-ray scans — brain and spine medical imaging, GDPR Art. 9 special category health data. 16 named employee disciplinary records, 11 driver's license scans, attorney-client privileged litigation files from two active employment lawsuits. Complete financial records — 2024 annual accounts, P&L, balance sheets, SFirm banking database, Syska ProFI general ledger, cost accounting through December 2024.