Ransomware victim disclosure
← All victimsThe Noble Group
listed as nobleweb.com · Claimed by Noname · listed 2 years ago
Status timeline
- ListedJan 16, 2024
- Data leakeddate unknown
At a glance
- Group
- Noname
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Jan 16, 2024
- Data size
- 260 GB
About the victim
AI dossier — public-source company profileThe Noble Group is a real estate and private lending firm founded in 1992, based in Lancaster, Pennsylvania. They specialize in mortgage loan acquisitions, real estate purchasing, private lending, and residential property sales primarily in the Mid-Atlantic region of the United States.
- Industry
- Real Estate & Mortgage Lending
- Address
- 1817 Olde Homestead Lane, Suite 101, Lancaster, PA 17601, United States
- Founded
- 1992
Attack summary
Severity: critical — Confirmed exfiltration of large-scale PII (260 GB) including SSNs, addresses, and financial information for employees, plus business financial records. This constitutes regulated personal data exposure at scale.The noname group claims to have exfiltrated 260 GB of company data including employee personal information (Social Security numbers, residential addresses, dates of birth, salary and tax information), contracts, and confidential financial forms.
Data the group says was taken
AI dossier — extracted from the leak post- Employee SSN numbers
- Residential addresses
- Dates of birth
- Salary information
- Tax records
- Employment contracts
- Budget documents
- Cash flow records
- Confidential company forms
What the group claims
M Since 1992, The Noble Group has built a dedicated team of professionals all working together to revitalize neighborhoods, provide new homes for families and build a better future for our investors. 260GB lists with ssn numbers, residential addresses, date of birth, salary and tax information, contracts, and other confidential forms for employees budget, cash […]
Sources
Source
Indexed 2 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

