Towne Mortgage Company

Towne Mortgage Company, a full-service mortgage lender, suffered a **ransomware attack** by the **BlackByte ransomware group**, leading to a **major data breach**. Unauthorized access to the company’s network was detected on **June 7, 2025**, and a forensic investigation later confirmed that **customer data files were copied** from its systems. The breach was publicly disclosed on **November 14, 2025**, after BlackByte published **sample stolen data** on its dark web portal on **July 30, 2025**, heightening risks of **identity theft and fraud**.The compromised data included **personal information of customers**, exposing them to potential financial and reputational harm. In response, Towne Mortgage offered **24-month credit monitoring, fraud alerts, and security freeze guidance** to affected individuals. The attack underscores the severe consequences of ransomware-driven breaches, where **data exfiltration and extortion** compound the damage beyond mere encryption.The incident highlights the **criminal intent** behind the attack, with the threat actor actively **leaking sensitive data** to pressure the company. Customers were advised to monitor financial accounts and credit reports for unauthorized activity, reflecting the **long-term risks** posed by such breaches.

Source: https://www.claimdepot.com/data-breach/towne-mortgage-2025

AmeriCU Mortgage cybersecurity rating report: https://www.rankiteo.com/company/americu-mortgage

"id": "AME1192511111525",
"linkid": "americu-mortgage",
"type": "Ransomware",
"date": "6/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"

{'affected_entities': [{'industry': 'mortgage lending',
                        'name': 'Towne Mortgage Company',
                        'type': 'private company'}],
 'customer_advisories': ['enroll in 24-month credit monitoring via Cyberscout',
                         'place fraud alerts/security freezes with credit '
                         'bureaus',
                         'monitor financial accounts for unauthorized '
                         'activity'],
 'data_breach': {'data_encryption': True,
                 'data_exfiltration': True,
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': 'high (potential for identity '
                                        'theft/fraud)',
                 'type_of_data_compromised': ['personal information']},
 'date_detected': '2025-06-07',
 'date_publicly_disclosed': '2025-11-14',
 'description': 'Full-service mortgage lender Towne Mortgage Company disclosed '
                'a major data breach following a ransomware attack by the '
                'BlackByte group. Unauthorized access was detected on June 7, '
                '2025, with sample customer data published on the dark web on '
                'July 30, 2025. The breach was publicly disclosed on November '
                '14, 2025, after a forensic investigation confirmed that files '
                'containing customer data may have been copied. Affected '
                'individuals were notified and offered 24-month credit '
                'monitoring and fraud assistance services.',
 'impact': {'brand_reputation_impact': 'high (potential identity theft and '
                                       'fraud risks)',
            'data_compromised': True,
            'identity_theft_risk': 'high'},
 'initial_access_broker': {'data_sold_on_dark_web': True,
                           'high_value_targets': ['customer personal data']},
 'investigation_status': 'completed (forensic investigation and manual review '
                         'conducted)',
 'motivation': ['financial gain', 'data theft'],
 'post_incident_analysis': {'corrective_actions': ['credit monitoring services '
                                                   'for affected individuals',
                                                   'fraud prevention '
                                                   'guidance']},
 'ransomware': {'data_encryption': True,
                'data_exfiltration': True,
                'ransomware_strain': 'BlackByte'},
 'regulatory_compliance': {'regulatory_notifications': ['Massachusetts '
                                                        'Attorney General']},
 'response': {'communication_strategy': ['notification letters to affected '
                                         'individuals',
                                         'public disclosure to Massachusetts '
                                         'Attorney General',
                                         'advisories on credit monitoring '
                                         'enrollment (90-day window)',
                                         'guidance on fraud alerts/security '
                                         'freezes with Equifax, Experian, and '
                                         'TransUnion'],
              'incident_response_plan_activated': True,
              'recovery_measures': ['notification to affected individuals',
                                    '24-month credit monitoring (Cyberscout)',
                                    'single bureau credit reports',
                                    'credit score services',
                                    'fraud assistance and guidance'],
              'remediation_measures': ['forensic investigation',
                                       'manual review of compromised data'],
              'third_party_assistance': ['Cyberscout (TransUnion)']},
 'stakeholder_advisories': ['credit monitoring enrollment (within 90 days)',
                            'fraud alert/security freeze guidance',
                            'regular review of financial statements and credit '
                            'reports'],
 'threat_actor': 'BlackByte ransomware group',
 'title': 'Towne Mortgage Company Ransomware Attack and Data Breach',
 'type': ['ransomware', 'data breach']}