Months after agreeing to pay $38.5 million to settle federal charges it violated the False Claims Act by improperly originating and underwriting mortgages insured by the Federal Housing Administration, Utah-headquartered Academy Mortgage now finds itself in the also-unenviable position of having its sensitive files dumped on the dark web by the AlphV (BlackCat) ransomware group.
On May 14, the threat actors added Academy Mortgage to their leak site, and even referenced the firm’s previous troubles:
We have been in your network for a long time and have had time to study your business. In addition, we have stolen your confidential data and are ready to publish it. We have your customer/partner data, personal data, finances, confidential data and so on.
Considering the recent underwriting fraud case that your company faced in December, a privacy data breach could have a devastating impact on your reputation and credibility. Such a breach could cause severe damage to public trust and lead to significant financial losses.
BlackCat’s post claims that the firm refused to pay anything and provides a number of screencapped files as proof of access to the firm’s system. Some of the files are images of drivers’ licenses, while other files are internal documents or statements. The post does not indicate whether BlackCat locked any files, or if it merely exfiltrated copies of files.
Academy does not seem to have posted anything on their website about any incident. DataBreaches emailed them asking them if they will confirm any of BlackCat’s claims and provide some additional details about whether their system was locked at all, but no reply was immediately available.