Ransomware victim disclosure
← All victimsIntelliLoan
listed as intellioan.com · Claimed by LockBit · listed 7 months ago
Status timeline
- ListedDec 7, 2025
- Data leakeddate unknown
At a glance
- Group
- LockBit
- Status
- Data leaked
- Country
- United States
- Sector
- Technology
- Listed on leak site
- Dec 7, 2025
About the victim
AI dossier — public-source company profileIntelliLoan (intellioan.com) is a US-based mortgage lender offering home loans, refinancing, and mortgage guidance to consumers. The company positions itself around expert advisory services in the residential lending space. No additional public site content was available to confirm scale or headquarter location.
- Industry
- Mortgage Lending & Home Loan Services
Attack summary
Severity: critical — Mortgage lenders hold highly sensitive regulated financial and personal data (SSNs, income records, credit histories, loan applications) at scale; data_published status confirms exfiltration, elevating this to critical under GLBA and consumer finance data protection standards.LockBit claims to have attacked IntelliLoan and has published data (disclosed_status: data_published), suggesting exfiltration of company and potentially customer data; the leak post references mortgage and home loan services context but specific data categories are not enumerated in the truncated post.
Data the group says was taken
AI dossier — extracted from the leak post- Customer mortgage applications
- Personal financial information
- Loan documentation
- Customer PII
What the group claims
Experience the Intelliloan difference! Get expert guidance on home loans, refinancing, and mortgage...
Sources
- Victim siteintellioan.com
Source
Indexed 7 months agoThis page surfaces a public ransomware disclosure indexed by Darkfield. Original posts come from the operator's own leak site; we cross-check against ransomware.live, RansomLook and RansomWatch where applicable. Share this URL freely.
Is this your supplier? Your competitor? You?
Pro plans monitor your domain, corporate emails, and crypto wallets across every new ransomware leak-site post, breach dump and Telegram callout — alerts within 5 minutes.

