Ransomware victim disclosure
← All victimsAndrew Davidson & Co., Inc.
Claimed by Frag · listed 1 year ago
Status timeline
- ListedMar 24, 2025
- Data leakeddate unknown
At a glance
- Group
- Frag
- Status
- Data leaked
- Country
- United States
- Sector
- Financial Services
- Listed on leak site
- Mar 24, 2025
About the victim
AI dossier — public-source company profileAndrew Davidson & Co., Inc. is a leading provider of risk analytics, modeling, and consulting services to the mortgage-backed securities (MBS) and asset-backed securities (ABS) industry. The firm serves banking, broker-dealer, insurance, and investment management clients with proprietary tools for mortgage analysis, prepayment modeling, and credit risk assessment.
- Industry
- Financial Services – Mortgage Analytics & Risk Consulting
Attack summary
Severity: high — Confirmed exfiltration of PII (customer and employee contact details), business-sensitive financial statements, and insurance documentation from a financial services firm serving institutional clients. No ransom demand stated but data published.The frag ransomware group claims to have extracted contact details of customers and employees, financial statements, and insurance certificates from Andrew Davidson & Co., Inc. The group has published data but did not disclose a ransom demand.
Data the group says was taken
AI dossier — extracted from the leak post- customer contact details
- employee contact details
- financial statements
- insurance certificates
What the group claims
Financial Services Andrew Davidson & Co., Inc. is a leading provider of risk analytics and consulting to the mortgage-backed securities (MBS) and asset-backed securities (ABS) industry. Our team was successful in extracting the following documents: Contact details of customers and employees Financial statements of the company Insurance certificates
Sources
- Victim sitead-co.com
Source
Indexed 1 year agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

