Incident Information

ID: 32210 12-05-2026 11:20:59
Organization

Avanti Windows & Doors

Criminal Group

aurora

Hash RF
a051fdf90e1770383cba1dbb75f0c0c7f3b54f645ce36110cae30ef96e9e8b8e
Detection Date 12-05-2026 11:20:59
Target Location USA
Target Domain
avantiwindow.com
Economic Sector Manufacturing
Published Data N/A
Description
Avanti Windows & Doors — a vinyl window manufacturer headquartered in El Mirage, Arizona, with regional offices across Nevada, Texas, California, and Florida.

The exposed material includes:

Plaintext SQL Server SA (system administrator) credentials — the master key to the FeneVision ERP database containing every customer order, every price, every financial record the company has ever processed.
Employee SSNs, W-4s, I-9s, and E-Verify data — the complete identity package for the entire workforce, from new-hire packets through payroll records spanning 2014–2016+.
1099-MISC/INT forms — SSNs/EINs and payment amounts for 50–200+ contractors and vendors across two tax years.
Direct deposit authorizations — bank account and routing numbers for employees who enrolled in ACH payroll.
24+ months of Chase bank statements and 28 months of AMEX corporate card statements — full account numbers, transaction details, and spending patterns.
The complete proprietary pricing algorithm — source code for the FastAPI backend that determines window pricing for every builder contract, plus 41+ builder Master Service Agreements with exact pricing terms.
CPA-reviewed financial statements, partnership returns, K-1s, and budget forecasts — the company’s full financial anatomy, from cost structure to profit allocation.
OSHA 300 logs, workers’ compensation audit files, and UHC health insurance invoices — employee medical and injury data, names of injured workers, treatment details.
Attorney-client privileged ADOSH settlement correspondence — OSHA settlement negotiations between outside counsel and the CEO.
~80 Windows roaming profiles — employee desktops, documents, AppData, Outlook .ost/.pst files, browser caches, and cached credentials.
