Ransomware victim disclosure
← All victimsMICROFINANCE INSTITUTION
Claimed by Karakurt · listed 3 years ago
Status timeline
- ListedMar 28, 2023
- Data leakeddate unknown
At a glance
- Group
- Karakurt
- Status
- Data leaked
- Country
- United States
- Sector
- Financial Services
- Listed on leak site
- Mar 28, 2023
- Data size
- 4 TB
- Records
- 861.839 SSNs
About the victim
AI dossier — public-source company profileThe victim is a US-based microfinance institution operating in the financial services sector. It maintains large-scale loan portfolios and client databases, suggesting it serves millions of individual borrowers. No public site was available to confirm a specific legal name or headquarters address.
- Industry
- Microfinance & Consumer Lending
Attack summary
Severity: critical — Confirmed exfiltration of nearly 2.9 million SSNs alongside a ~3 million-record PII and loan database constitutes a massive breach of highly regulated financial and personally identifiable data, meeting the threshold for critical severity under GLBA and potentially FCRA obligations.Karakurt claims to have exfiltrated 4 TB of data from the institution with no mention of encryption; stolen data includes approximately 2,861,839 SSNs, a ~3 million-record loan and debtor database, finance and accounting data, legal data, CRM backups, and fully dumped VIP user mailboxes.
Data the group says was taken
AI dossier — extracted from the leak post- Social Security Numbers (2,861,839)
- Loan status records (~3 million records)
- Debtor personal information (names, addresses, phone numbers, email addresses)
- Debtor characteristic/profile data
- Financial records
- Client data
- Accounting data
- Legal data
- CRM backups
- VIP user mailbox dumps
What the group claims
We're happy to present you a brilliant 4TB stolen from a microfinance institution. We have 2,861,839 SSNs in total. Beside this, we hold other high value databases - for example, a gigantic database with 3 million lines, which contains information about the status of the loan, addresses, last names, phone numbers, mails, and even the characteristics of the debtor - very entertaining reading.Moreover, we have finance, clients data, accounting data, legal data, CRM backups, fully dumped VIP users mailboxes and more.You will definitely enjoy it!
Source
Indexed 3 years agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

