{ "id": "ab48be31-b6b2-4831-8b09-c3cbdff73c2e", "created_at": "2026-04-06T01:29:46.824884Z", "updated_at": "2026-04-10T03:29:39.823411Z", "deleted_at": null, "sha1_hash": "41fd5536e9c346b97ad8a18075e1d47fb52397d6", "title": "ALPHV ransomware claims loanDepot, Prudential Financial breaches", "llm_title": "", "authors": "", "file_creation_date": "0001-01-01T00:00:00Z", "file_modification_date": "0001-01-01T00:00:00Z", "file_size": 2698970, "plain_text": "ALPHV ransomware claims loanDepot, Prudential Financial breaches\r\nBy Sergiu Gatlan\r\nPublished: 2024-02-16 ยท Archived: 2026-04-06 00:40:39 UTC\r\nThe ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company\r\nPrudential Financial and mortgage lender loanDepot.\r\nThe two companies were added to ALPHV's dark web leak site today, with the threat actors still having to publish proof of\r\ntheir claims. ALPHV plans to sell the stolen data from loanDepot's network and release Prudential's data for free after failed\r\nnegotiations.\r\nloanDepot revealed on January 22 that at least 16.6 million people had their personal information stolen in the ransomware\r\nattack they confirmed on January 8, two days after disclosing it as a \"cyber incident\" on January 6.\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/\r\nPage 1 of 4\n\n0:00\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/\r\nPage 2 of 4\n\nVisit Advertiser websiteGO TO PAGE\r\nThe company said it would notify those impacted by the data breach and provide them with free credit monitoring and\r\nidentity protection services.\r\nloanDepot is one of the largest U.S. nonbank retail mortgage lenders, with roughly 6,000 employees and over $140 billion in\r\nserviced loans.\r\nOn Tuesday, Prudential Financial also revealed that a suspected cybercrime group breached its network on February 4 and\r\nstole employee and contractor data.\r\nPrudential said an ongoing investigation assesses the incident's full scope and impact but has yet to find evidence that the\r\nattackers also exfiltrated customer or client data.\r\nThis leading global financial services Fortune 500 company is the second-largest life insurance company in the U.S., with\r\nreported revenues of more than $50 billion in 2023, and it employs 40,000 people worldwide.\r\nloanDepot and Prudential entries on ALPHV's leak site (BleepingComputer)\r\nOn Thursday, the U.S. State Department announced rewards of up to $10 million for tips that could lead to the identification\r\nor location of ALPHV gang leaders.\r\nAn additional $5 million reward is offered for information on individuals linked to or attempting to participate in ALPHV\r\nransomware attacks.\r\nThe FBI linked this gang to over 60 breaches worldwide during its first four months of activity between November 2021 and\r\nMarch 2022. The law enforcement agency also estimates that ALPHV raked in at least $300 million in ransom payments\r\nfrom over 1,000 victims until September 2023.\r\nALPHV surfaced in November 2021 and is believed to be a rebrand of the DarkSide and BlackMatter ransomware\r\noperations.\r\nThe group gained worldwide notoriety after the Colonial Pipeline attack, which led to extensive investigations by law\r\nenforcement agencies worldwide and the operation going through two rebrands.\r\nThe FBI disrupted the gang's operation in December and temporarily took down its Tor negotiation and leak sites after\r\nbreaching its servers months earlier and creating a decryption tool.\r\nALPHV has since \"unseized\" their data leak site with the help of private keys they still owned and has now launched a new\r\nTor leak site the FBI has yet to take down.\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/\r\nPage 3 of 4\n\nAutomated Pentesting Covers Only 1 of 6 Surfaces.\r\nAutomated pentesting proves the path exists. BAS proves whether your controls stop it. Most teams run one without the\r\nother.\r\nThis whitepaper maps six validation surfaces, shows where coverage ends, and provides practitioners with three diagnostic\r\nquestions for any tool evaluation.\r\nSource: https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/\r\nhttps://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/\r\nPage 4 of 4", "extraction_quality": 1, "language": "EN", "sources": [ "ETDA" ], "references": [ "https://www.bleepingcomputer.com/news/security/alphv-ransomware-claims-loandepot-prudential-financial-breaches/" ], "report_names": [ "alphv-ransomware-claims-loandepot-prudential-financial-breaches" ], "threat_actors": [ { "id": "d90307b6-14a9-4d0b-9156-89e453d6eb13", "created_at": "2022-10-25T16:07:23.773944Z", "updated_at": "2026-04-10T02:00:04.746188Z", "deleted_at": null, "main_name": "Lead", "aliases": [ "Casper", "TG-3279" ], "source_name": "ETDA:Lead", "tools": [ "Agentemis", "BleDoor", "Cobalt Strike", "CobaltStrike", "RbDoor", "RibDoor", "Winnti", "cobeacon" ], "source_id": "ETDA", "reports": null }, { "id": "6e23ce43-e1ab-46e3-9f80-76fccf77682b", "created_at": "2022-10-25T16:07:23.303713Z", "updated_at": "2026-04-10T02:00:04.530417Z", "deleted_at": null, "main_name": "ALPHV", "aliases": [ "ALPHV", "ALPHVM", "Ambitious Scorpius", "BlackCat Gang", "UNC4466" ], "source_name": "ETDA:ALPHV", "tools": [ "ALPHV", "ALPHVM", "BlackCat", "GO Simple Tunnel", "GOST", "Impacket", "LaZagne", "MEGAsync", "Mimikatz", "Munchkin", "Noberus", "PsExec", "Remcom", "RemoteCommandExecution", "WebBrowserPassView" ], "source_id": "ETDA", "reports": null } ], "ts_created_at": 1775438986, "ts_updated_at": 1775791779, "ts_creation_date": 0, "ts_modification_date": 0, "files": { "pdf": "https://archive.orkl.eu/41fd5536e9c346b97ad8a18075e1d47fb52397d6.pdf", "text": "https://archive.orkl.eu/41fd5536e9c346b97ad8a18075e1d47fb52397d6.txt", "img": "https://archive.orkl.eu/41fd5536e9c346b97ad8a18075e1d47fb52397d6.jpg" } }