Startec Group of Companies

Attack Summary

Startec Group of Companies, a privately held Calgary-based industrial OEM founded in 1976 by Joe Cawthorn. Startec designs, fabricates, installs, and services compression, process, and refrigeration systems for oil-and-gas operators and the energy-transition sector (RNG, hydrogen, CO&sub2; sequestration, flare-gas capture). The company employs ~270 people and exports ~80% of its cleantech output to US customers including Pembina, ARC Resources, SemCAMS, Cenovus, and Shell. The exposed material spans the entire corporate knowledge base: 25 years of payroll (2001–2026) including a master SIN VERIFICATION.xlsx register, ADP exports, T4/ROE/T2200 forms, banking/EFT direct-deposit data for ~600+ current and former employees 18+ named passport scans plus a Pakistan resume-and-passport applicant pool (~20+) Wildcard TLS private keys for *.startec.ca (2022–2027 series) and the suspected Active-Directory-integrated internal CA private key The cyber-insurance policy (BZA2151) and the Nov 2025 Statement of Values & Business-Interruption submission to Zurich ~25+ named customer engineering libraries (Pembina, ARC, SemCAMS, Cenovus, Shell Scotford) with process specs, as-built drawings, and sizing calculations Shell Caroline + Shell Saturn dispute-counsel files (~665 MB of privileged litigation material) 12 fiscal years of board packs including “in camera” sessions, the 2020 Valuation Report, family-trust T3 returns, and succession-planning documents Cawthorn family QuickBooks files (live .QBW — full chart of accounts, general ledger, every transaction) 11 Outlook PST mailboxes (several multi-GB — named ex-employees' complete email history) Physical-security access codes (CCTV passwords, Telsco alarm chart, all-doors key record)