Bayou Title, Inc.

Group

aurora

Status

Data leaked

Country

US

Sector

Financial Services

Listed on leak site

Apr 29, 2026

Bayou Title, Inc. is the largest title insurance agent and closing/settlement services provider in Louisiana, operating 19 full-service locations statewide. The company provides title abstracts, HUD-1 settlement services, escrow, and related real estate closing services across Louisiana. It has been in operation since at least 2004, accumulating over 20 years of transaction records.

The Aurora ransomware group claims to have exfiltrated data spanning 20+ years of operations (2004–2026), including tens of thousands of Social Security numbers paired with financial records, complete employee payroll databases, 103 GB of title abstracts, 44 GB of closing file archives, plaintext government portal credentials, and attorney-client privileged documents. The disclosure status is listed as data_published, indicating the stolen data has been released.

• 70,000–100,000+ Social Security numbers with names and addresses
• 1099-S real estate closing worksheets (2018–2020)
• W-2 and 1099-MISC tax filings
• Sage 50 EMPLOYEE.DAT payroll files (10+ instances)
• Bank account and routing numbers for employees
• Employee pay rates and tax withholding records
• Direct deposit details
• 103 GB of title abstract PDFs (~34,000+ documents)
• 44 GB of GreenFolders DMS closing file archives (2012, 2013, 2019)
• HUD-1 settlement statements
• Identity verification documents and SSN cards
• Plaintext government portal credentials
• Attorney-client privileged documents (wills, engagement letters, legal opinions)

[insurance] Bayou Title, Inc. — the largest title insurance agent and closing/settlement services provider in Louisiana, with 19 full-service locations statewide. The exfiltrated data spans 20+ years of operations (2004–2026) and includes: 70,000–100,000+ Social Security numbers paired with names, addresses, and sale proceeds from 1099-S real-estate closing worksheets covering all 19 offices across three tax years (2018–2020), plus W-2 and 1099-MISC filings. Complete employee payroll databases — 10+ instances of Sage 50 EMPLOYEE.DAT files containing SSNs, bank account numbers, routing numbers, pay rates, tax withholding, and direct deposit details for current and former employees. 103 GB of title abstracts — ~34,000+ PDFs documenting ownership chains, liens, and mortgages for properties across Louisiana. 44 GB of GreenFolders DMS transaction packages (2012, 2013, 2019) — complete closing file archives containing HUD-1 settlement statements, identity verification documents, SSN cards, and tax records. Filenames contain encoded tags (ssn, hud, soc, tax). Plaintext credentials for government portals — a file literally named Lafayette Assessors lcmenard Password4321.url, plus a PDF containing Orleans Parish system login credentials. Attorney-client privileged documents — wills, attorney engagement letters, and legal opinions prepared by licensed Louisiana attorneys.

• Victim sitebayoutitle.com
• Leak posthttp://u6lieui2dakbctcjea2bz4r4q32r7t36nwljovqbv7mxs6o2smgxixid.onion/blog/bayou-title-inc-2d5014bd

This page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.