Back to Blog
high severity June 22, 2026 · scope unconfirmed

Aerospace & Advanced Composites GmbH Listed by aurora Ransomware Group

*** (AAC) — an Austrian space-materials R&D company headquartered in Wiener Neustadt, with deep ties to the European Space Agency. Obtained two complete NAS snapshots spanning 30+ years of operations: aacdata (31 December 2022) — 123 GB: the complete Testhouse, R&D, and engineering share, including the ESA thermal vacuum test archive, polymer composites formulations, and 22 Outlook PST email backups. aacdata1 (14 January 2025) — 86 GB: the administrative share, including managing director's full PC backup (browser credentials, passport scans), 15 years of financial statements, shareholder agr

⚠ Were you affected?
Free email scanner — we check your address against 15.4B+ leaked records in 15 seconds.
Run free scan →
Severity High
Disclosed June 22, 2026
Affected Unconfirmed
Data exposed Internal files exfiltrated in ransomware attack

On June 22, 2026, Aerospace & Advanced Composites GmbH appeared on the leak site of the aurora ransomware group. The Austrian company, based in Wiener Neustadt and closely linked to the European Space Agency, had two complete NAS snapshots stolen: 123 GB from December 2022 containing its entire Testhouse, R&D, and engineering data, plus 86 GB from January 2025 that included administrative records and the managing director’s full PC backup.

Confirmed Details from Reporting

Public reporting indicates the attackers obtained two full snapshots spanning more than 30 years of operations. The first, labeled aacdata (31 December 2022), totals 123 GB and holds the complete engineering share, including the ESA thermal vacuum test archive, polymer composites formulations, and 22 Outlook PST email backups. The second, aacdata1 (14 January 2025), is 86 GB and contains the administrative share along with the managing director’s browser credentials, passport scans, and 15 years of financial statements and shareholder agreements.

Available reporting describes the data as having been exfiltrated during a ransomware attack. No confirmed victim count for individuals has been published, but the breadth of the material means any employee, contractor, customer, or partner whose information passed through those systems could be affected.

Why This Matters for You and Your Family

When a company’s internal drives are stolen, the information rarely stays inside corporate walls. Passport scans, email archives, and financial records can be used to impersonate people, file fraudulent taxes, or open accounts in their name. If you or anyone in your household has ever worked with AAC, supplied materials, or been named in correspondence stored on those servers, your personal details may now sit on a ransomware leak site.

Browser credentials and Outlook backups are especially dangerous because one reused password can open the door to your personal email, banking, or social-media accounts. Children’s names or family addresses included in employee records can also surface later in unexpected ways.

The Doxxing and Identity-Chain Risks

Stolen corporate files often become the first link in a longer doxxing chain. A passport scan paired with an email address can be cross-referenced against data from earlier breaches to map your full digital footprint. Gaming usernames belonging to you or your children, if they reuse any of the same passwords or recovery emails, can be hijacked and used to harass or further expose the household.

Once attackers connect an email to a real person and address, they can locate additional records on public platforms, turning a single breach into months of potential harassment or identity theft.

Aurora Ransomware Group’s Known Activity

Public reporting attributes the attack to the aurora ransomware group. The group emerged in recent years and has targeted organizations across multiple sectors by gaining initial access, exfiltrating data, and then publishing samples on its leak site when victims do not pay. Its typical playbook combines ransomware encryption with public shaming, using partial data dumps to pressure companies. Exact prior victims and full operational history remain subjects of ongoing tracking by threat researchers.

What to do

  • Run a DoxxScan to map every link between your emails, phones, handles, and real-world identity so you can see exactly what chains back to this incident.
  • Rotate any password that was used at Aerospace & Advanced Composites GmbH anywhere else it appears, and switch on 2FA through an authenticator app rather than text messages.
  • Enable continuous DoxxScan monitoring across 15.4B+ breach records and 100+ platforms so the next exposure of your information is caught in hours, not months.
  • Cover the household with DoxxScan family protection that extends to dependents and children’s gaming accounts, which often become targets when credential leaks cascade into takeovers.
  • Let DoxxScan remediation specialists handle takedown requests and broker removals for you while you focus on securing your own accounts.

The incident shows how quickly corporate data theft can reach ordinary families. Taking concrete steps now limits what attackers can build from this breach and any that follow. DoxxScan by GalaxyWarden delivers continuous monitoring across 15.4 billion breach records and more than 100 platforms, AI-powered identity-chain mapping that connects online handles to real identities, and hands-on remediation by specialists, with full household coverage that includes children’s gaming accounts vulnerable to cascading takeovers.

Share this Post on X Reddit Email
Why this isn’t just another breach checker

A breach leaks your credentials. Then hackers chain those credentials to your address, family, phone, and employer using public broker sites. We’re the only tool built around that chain.

Free checker Tells you the breach happened. End of story. You’re still on 800+ broker sites.
$129+/yr Broker-removal services scrub the address but don’t see the breach — next leak re-exposes you.
GalaxyWarden Maps the chain. Cleans both halves. $19 one-shot. Closed loop.

⚠ Were you in this breach?

Free email scanner. We check your address against 15.4B+ leaked records in 15 seconds — then show you the $19 cleanup that removes you from the broker sites aggregating leaked data.

Check my email — free →
Close the chain attack

Both halves of the chain, cleaned once.

A breach put your credentials in 15.4B+ leaked records. Hackers chain that data to your address on 800+ broker sites. GalaxyWarden closes both halves for $19 once — no subscription required.

Clean both halves — $19 →
Free breach scan + 800+ broker letters + 30-day proof · one payment, no subscription
W Warden Plus — ongoing monitoring $9.99/mo
Warden Plus ($9.99/mo or $99/yr): weekly re-scans, breach alerts, AI Concierge, auto re-files on relisted brokers.