Ransomware Group: AKIRA

VICTIM NAME: Integrity Mortgage

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The ransomware leak page pertains to Integrity Mortgage, a financial services provider operating under the MAC 5 Mortgage umbrella. The attack was discovered on June 24, 2025, with the compromise date also noted as June 24, 2025. The threat actors claim to have obtained over 8 GB of sensitive corporate documents. These include detailed personal client information such as scanned passports, social security numbers, driver’s licenses, and credit card data. Additionally, the leak encompasses extensive company financial records, including audits, payment details, reports, and invoices. The page indicates the threat actors are prepared to upload or leak this highly sensitive data, which poses significant privacy and security risks to clients and the company. The leak also features screenshots that suggest the content includes internal documentation and confidential material. The victim operates in the financial sector and presumably serves numerous clients, making this leak particularly concerning for data privacy and client confidentiality. No specific URLs or download links are provided, but the presence of leaked data highlights a serious cybersecurity incident. The disclosure underscores the importance of robust security measures to prevent such breaches in financial organizations.–>

The leak page does not reveal the victim’s country, but it emphasizes the severity of the breach through detailed descriptions of the compromised data. The threat actors have expressed readiness to share or sell the extracted information, which contains highly sensitive client identifiers and financial documentation. The incident highlights the ongoing threat of ransomware attacks targeting financial institutions and underscores the potential for widespread data exposure, including personal identities and corporate financial details. The inclusion of internal screenshots suggests that the attackers have access to confidential internal systems, increasing the risk of further infiltration or damage. Stakeholders should consider this leak a stark reminder of the importance of strong cybersecurity defenses and data encryption practices to safeguard sensitive information vulnerable to such malicious attacks.–>