SoylentNews
SoylentNews is people
https://soylentnews.org/

Title    Ransomware Gang Files SEC Complaint over Victim’s Undisclosed Breach
Date    Monday November 20 2023, @08:37AM
Author    hubie
from the pay-up-or-we'll-report-you dept.
https://soylentnews.org/article.pl?sid=23/11/19/038252

fliptop writes:

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack:

Earlier today, the threat actor listed the software company MeridianLink on their data leak with a threat that they would leak allegedly stolen data unless a ransom is paid in 24 hours.

MeridianLink is a publicly traded company that provides digital solutions for financial organizations such as banks, credit unions, and mortgage lenders.

According to DataBreaches.net, the ALPHV ransomware gang said they breached MeridianLink's network on November 7 and stole company data without encrypting systems.

The ransomware actor said that "it appears MeridianLink reached out, but we are yet to receive a message on their end" to negotiate a payment in exchange for not leaking the supposedly stolen data.

The alleged lack of response from the company likely prompted the hackers to exert more pressure by sending a complaint to the U.S. Securities and Exchange Commission (SEC) about MeridianLink not disclosing a cybersecurity incident that impacted "customer data and operational information."

[...] In their own words, the attacker told the SEC that MeridianLink suffered a "significant breach" and did not disclose it as required in Form 8-K, under Item 1.05.

The SEC's new cybersecurity rules are set to take effect on December 15, 2023.

Originally spotted on Schneier on Security.

Related: Teens With "Digital Bazookas" Are Winning the Ransomware War, Researcher Laments


Original Submission

Links

  1. "fliptop" - https://soylentnews.org/~fliptop/
  2. "not complying with the four-day rule to disclose a cyberattack" - https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
  3. "DataBreaches.net" - http://www.databreaches.net/alphv-files-an-sec-complaint-against-meridianlink-for-not-disclosing-a-breach-to-the-sec/
  4. "new cybersecurity rules" - https://www.bleepingcomputer.com/news/security/sec-now-requires-companies-to-disclose-cyberattacks-in-4-days/
  5. "Schneier on Security" - https://www.schneier.com/blog/archives/2023/11/ransomware-gang-files-sec-complaint.html
  6. "Teens With "Digital Bazookas" Are Winning the Ransomware War, Researcher Laments" - https://soylentnews.org/article.pl?sid=23/11/16/122239
  7. "Original Submission" - https://soylentnews.org/submit.pl?op=viewsub&subid=61463
