Ransomware victim disclosure
FINANCE INSTITUTION AUCTION
Claimed by Karakurt · listed 3 years ago
Status timeline
- Listed: Mar 29, 2023
- Data leaked
At a glance
- Group: Karakurt
- Status: Data leaked
- Country: United States
- Sector: Financial Services
- Listed on leak site: Mar 29, 2023
- Data size: 4 TB
- Records: 861.839 SSNs
About the victim
AI dossier — public-source company profile
The victim is described by the threat actor as a microfinance institution operating in the United States within the financial services sector. The organization extends loans to consumers and maintains large-scale debtor databases including personal and financial information. No public website was available to confirm further operational details.
- Industry: Microfinance & Consumer Lending
Attack summary
Severity: critical — Confirmed exfiltration of nearly 2.9 million SSNs alongside 3 million loan records containing PII, financial details, and debtor profiles constitutes a large-scale breach of highly regulated financial and personally identifiable data, meeting the threshold for critical severity.
Karakurt claims to have exfiltrated approximately 4 TB of data from the organization, including nearly 2.9 million SSNs, a 3-million-record loan database with PII, CRM backups, VIP user mailboxes, and accounting and legal data; the group threatens to auction the data if ransom negotiations do not proceed.
Data the group says was taken
AI dossier — extracted from the leak post
- 2,861,839 Social Security Numbers (SSNs)
- Loan status records (~3 million lines)
- Debtor addresses, last names, phone numbers, email addresses
- Debtor characteristic/profile data
- Client financial data
- Accounting data
- Legal data
- CRM backups
- VIP user mailboxes (fully dumped)
What the group claims
We're happy to present you a brilliant 4TB stolen from a microfinance institution. We have 2,861,839 SSNs in total. Beside this, we hold other high value databases - for example, a gigantic database with 3 million lines, which contains information about the status of the loan, addresses, last names, phone numbers, mails, and even the characteristics of the debtor - very entertaining reading.
Moreover, we have finance, clients data, accounting data, legal data, CRM backups, fully dumped VIP users mailboxes and more.
If the company representatives will continue acting non-negotiable, these data will be put up for auction. Stay tuned. You will definitely enjoy it!
Source
Indexed 3 years ago
This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
