Cyber Incident Victim: Betenbough Homes
Date: May 2021
Location: United States of America
Summary
A home builder experienced a ransomware attack by the Sodinokibi (REvil) threat actors, resulting in unauthorized system access and data exfiltration. The attackers obtained sensitive personal information, including images of driver's licenses that exposed several personal data elements, and later posted proof of the theft on their leak site. The victim organization detected the compromise immediately, engaged cybersecurity experts and legal advisors for remediation, and notified affected individuals and offered them credit monitoring services. The attackers applied the same extortion pressure (data theft followed by a public leak-site listing) as was used against Colonial Pipeline, but the company did not disclose whether any ransom was paid. Leadership emphasized protecting customers and resisting criminal threats throughout the incident response.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On May 3, 2021, Betenbough Homes, a Texas-based homebuilder, experienced a ransomware attack carried out by the Sodinokibi (REvil) threat actor group. The attackers compromised the company's systems and subsequently listed Betenbough on their dark web leak site to pressure the organization into paying an extortion demand. REvil publicly disclosed the breach on that site on May 15, 2021, twelve days after the initial intrusion. During this period, the cybercriminals exfiltrated sensitive personal information from Betenbough's systems, including driver's license images containing multiple personal data elements. The company detected the system compromise immediately when it occurred but did not initially recognize the full scope of the data exposure.

Betenbough Homes confirmed the data theft on May 15, 2021, when REvil posted proof-of-hack evidence. The organization promptly initiated response measures, notifying potentially affected individuals and offering credit monitoring services. Company President Cal Zant stated that the company had engaged cybersecurity experts to monitor the attack and legal professionals to guide customer protection efforts. Betenbough emphasized its commitment to protecting employees, customers, and partners from criminal threats, but did not disclose whether ransom negotiations occurred or what amount was demanded. REvil's leak site posting included redacted driver's license images demonstrating the exposure of personal information, but available reporting referenced no full data dump. Reporting drew parallels to the contemporaneous Colonial Pipeline ransomware attack, carried out by the DarkSide group, although Betenbough's case differed in that neither ransom payment details nor any operational disruption was disclosed. The company kept its remediation efforts focused on system recovery and protecting stakeholder data throughout the incident timeline.
