Ransomware victim disclosure
← All victimsKennedy Funding
Claimed by Blacklock · listed 1 year ago
Status timeline
- ListedMay 16, 2025
- Data leakeddate unknown
At a glance
- Group
- Blacklock
- Status
- Data leaked
- Country
- United States
- Sector
- Financial Services
- Listed on leak site
- May 16, 2025
- Ransom demanded
- $4B
About the victim
AI dossier — public-source company profileKennedy Funding is a nationwide direct private lender specializing in bridge loans for commercial property and land acquisition. The company has closed over $4 billion in loans and markets itself as America's most trusted bridge loan lender, offering rapid approval-to-closing timelines.
- Industry
- Financial Services - Commercial Bridge Lending
Attack summary
Severity: medium — Financial services company with access to sensitive borrower and transaction data; however, the leak post provides no concrete proof of exfiltration, no detail on data scope or sensitivity level, and no confirmation of actual data publication. The $4B figure appears to be legitimate business volume rather than proof of compromise.The blacklock group claims to have compromised Kennedy Funding and references the $4 billion in closed loans figure. No specific data exfiltration details, proof files, or operational impact are described in the provided leak post excerpt.
Data the group says was taken
AI dossier — extracted from the leak post- loan records
- borrower information
- financial transaction data
What the group claims
Up to over $4 billion in closed loans. Kennedy Funding is a nationwide direct private lender specializing in bridge loans for commercial property and land acquisition.
Sources
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

