November 15, 2023 at 09:04PM
The ALPHV/BlackCat ransomware group has filed a complaint with the U.S. Securities and Exchange Commission (SEC) against software company MeridianLink for not disclosing a cyberattack within the four-day rule. The ransomware group threatened to leak stolen data unless a ransom was paid. MeridianLink confirmed the cyberattack and stated that it is working to determine the impact on consumer personal information. This may be the first public confirmation of a ransomware group reporting a breach to the SEC.
Key takeaways from the meeting notes:
1. The ALPHV/BlackCat ransomware operation has filed a complaint with the U.S. Securities and Exchange Commission (SEC) against MeridianLink, a software company, for not complying with disclosure requirements after a cyberattack.
2. The ransomware gang claims to have breached MeridianLink’s network on November 7 and stolen company data without encrypting systems.
3. The hackers have threatened to leak the allegedly stolen data unless a ransom is paid within 24 hours.
4. MeridianLink is a publicly traded company that provides digital solutions for financial institutions.
5. ALPHV published a screenshot of the complaint they filed with the SEC on their website.
6. The SEC has adopted new rules requiring publicly traded companies to report cyberattacks that have a material impact.
7. The new SEC cybersecurity rules are set to take effect on December 15, 2023.
8. MeridianLink has confirmed the cyberattack and has taken immediate action to contain the threat and engage third-party experts to investigate.
9. At this point, there is no evidence of unauthorized access to production platforms, and the incident has caused minimal business interruption according to MeridianLink.
10. This incident may be the first public confirmation of a ransomware gang explicitly reporting a breach to the SEC.
11. Previous ransomware actors often contacted victims’ customers or intimidated them directly, but this case involves a complaint filed with the SEC.
Please let me know if you need any further details or if you have any specific questions.