Towne Mortgage Company

Towne Mortgage Company, a full-service mortgage lender, suffered a ransomware attack by the BlackByte ransomware group, leading to a major data breach. Unauthorized access to the company’s network was detected on June 7, 2025, and a forensic investigation later confirmed that customer data files were copied from its systems. The breach was publicly disclosed on November 14, 2025, after BlackByte published sample stolen data on its dark web portal on July 30, 2025, heightening risks of identity theft and fraud.The compromised data included personal information of customers, exposing them to potential financial and reputational harm. In response, Towne Mortgage offered 24-month credit monitoring, fraud alerts, and security freeze guidance to affected individuals. The attack underscores the severe consequences of ransomware-driven breaches, where data exfiltration and extortion compound the damage beyond mere encryption.The incident highlights the criminal intent behind the attack, with the threat actor actively leaking sensitive data to pressure the company. Customers were advised to monitor financial accounts and credit reports for unauthorized activity, reflecting the long-term risks posed by such breaches.

Source: https://www.claimdepot.com/data-breach/towne-mortgage-2025

AmeriCU Mortgage cybersecurity rating report: https://www.rankiteo.com/company/americu-mortgage

"id": "AME1192511111525",
"linkid": "americu-mortgage",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'mortgage lending',
                        'name': 'Towne Mortgage Company',
                        'type': 'private company'}],
 'customer_advisories': ['enroll in 24-month credit monitoring via Cyberscout',
                         'place fraud alerts/security freezes with credit '
                         'bureaus',
                         'monitor financial accounts for unauthorized '
                         'activity'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (potential for identity '
                                        'theft/fraud)',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2025-06-07',
 'date_publicly_disclosed': '2025-11-14',
 'description': 'Full-service mortgage lender Towne Mortgage Company disclosed '
                'a major data breach following a ransomware attack by the '
                'BlackByte group. Unauthorized access was detected on June 7, '
                '2025, with sample customer data published on the dark web on '
                'July 30, 2025. The breach was publicly disclosed on November '
                '14, 2025, after a forensic investigation confirmed that files '
                'containing customer data may have been copied. Affected '
                'individuals were notified and offered 24-month credit '
                'monitoring and fraud assistance services.',
 'impact': {'brand_reputation_impact': 'high (potential identity theft and '
                                       'fraud risks)',
            'data_compromised': True,
            'identity_theft_risk': 'high'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['customer personal data']},
 'investigation_status': 'completed (forensic investigation and manual review '
                         'conducted)',
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['credit monitoring services '
                                                   'for affected individuals',
                                                   'fraud prevention '
                                                   'guidance']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'BlackByte'},
 'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
                                                        'Attorney General']},
 'response': {'communication_strategy': ['notification letters to affected '
                                         'individuals',
                                         'public disclosure to Massachusetts '
                                         'Attorney General',
                                         'advisories on credit monitoring '
                                         'enrollment (90-day window)',
                                         'guidance on fraud alerts/security '
                                         'freezes with Equifax, Experian, and '
                                         'TransUnion'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['notification to affected individuals',
                                    '24-month credit monitoring (Cyberscout)',
                                    'single bureau credit reports',
                                    'credit score services',
                                    'fraud assistance and guidance'],
              'remediation_measures': ['forensic investigation',
                                       'manual review of compromised data'],
              'third_party_assistance': ['Cyberscout (TransUnion)']},
 'stakeholder_advisories': ['credit monitoring enrollment (within 90 days)',
                            'fraud alert/security freeze guidance',
                            'regular review of financial statements and credit '
                            'reports'],
 'threat_actor': 'BlackByte ransomware group',
 'title': 'Towne Mortgage Company Ransomware Attack and Data Breach',
 'type': ['ransomware', 'data breach']}