Cyber Incident Victim: DRI Title & Escrow
Date: Dec 2016
Location: United States of America
Summary
TheDarkOverlord breached DRI Title & Escrow, a title insurance provider, leaking mortgage closing documents, client details, and corporate invoices after the firm resisted extortion demands. The attackers publicly released sample data and threatened further disclosures unless the company cooperated, mirroring tactics used against other simultaneous targets. In response to the incident, the company secured its systems, initiated security enhancements, and later notified affected clients, expressing regret for potential concerns stemming from the unauthorized access. The breach was part of a broader campaign targeting multiple organizations, with the threat actor escalating pressure through selective data exposure and dark web sales threats.
Description
TheDarkOverlord (TDO) publicly announced its cyberattack on DRI Title & Escrow (Drititle) via a December 25, 2016, press release published on a public paste site. TDO claimed to have compromised Drititle's systems and leaked a sample of stolen documents after the company refused to cooperate with unspecified extortion demands. The Omaha-based title insurance and settlement service provider was targeted alongside G.S. Polymers, with TDO characterizing both companies as exhibiting "unacceptable behaviour" by rejecting negotiation attempts. Leaked sample documents included mortgage closing paperwork containing personal information, client lists, invoices, and publicly available property records. TDO threatened to release Drititle's entire dataset unless the company acquiesced to their demands, consistent with their pattern of escalating data dumps for non-compliant victims. Drititle did not initially respond to media inquiries about the intrusion timeline, initial detection methods, or ransom amount.

Drititle's President, Troy Padraza, confirmed in a December 24 statement that the company received TDO's extortion email that day, prompting immediate containment actions. The firm secured its IT infrastructure and initiated security enhancements to protect personal information, though technical specifics of the breach vector were not disclosed. A March 1, 2017 update confirmed Drititle had notified affected clients, with notification letters acknowledging unauthorized system access but omitting details about data types or volumes compromised beyond the samples TDO leaked. The company expressed regret for potential inconveniences but did not disclose whether any data was fully released or sold after their refusal to pay. Law enforcement scrutiny of TDO intensified following these attacks due to concerns over defense-related data from parallel breaches, though Drititle's incident appeared confined to real estate and corporate operational documents.
