Ransomware Group: AKIRA

VICTIM NAME: PennantPark

NOTE: No files or stolen information are [exfiltrated/downloaded/taken/hosted/seen/reposted/disclosed] by RedPacket Security. Any legal issues relating to the content of the files should be directed at the attackers directly, not RedPacket Security. This blog is simply posting an editorial news post informing that a company has fallen victim to a ransomware attack. RedPacket Security is in no way affiliated or aligned with any ransomware threat actors or groups and will not host infringing content. The information on this page is fully automated and redacted whilst being scraped directly from the AKIRA Onion Dark Web Tor Blog page.

AI Generated Summary of the Ransomware Leak Page

The leak page associated with PennantPark, a financial services company specializing in middle market credit, indicates a security breach that has resulted in the unauthorized disclosure of sensitive data. The attack, which was publicly identified on July 7, 2025, involves the release of over 6 GB of confidential documents, including employee records, financial reports, client data, and other proprietary information. The compromised data is made available for download via torrent files or magnet links, which require a password for access. The exposure of such extensive information poses significant risks to the company’s operations and its clients’ privacy.

The leaked content includes detailed internal documents and reports, as well as personal information of employees such as social security numbers, identification, and passports. The attackers have provided instructions for downloading the data using common torrent clients, indicating a deliberate effort to facilitate access to the stolen information. The page features a screenshot placeholder, suggesting evidence or examples of the leaked data, although specific visuals are not provided. The incident highlights the persistent threat of cybercriminals targeting financial institutions to extract and disseminate sensitive information, potentially leading to identity theft, financial fraud, and reputational damage for the victim organization.