Date: 2023-11-21

A notorious ransomware group known as ALPHV/BlackCat has taken extortion to a new level by filing a complaint with the U.S. Securities and Exchange Commission (SEC) against one of its alleged victims, MeridianLink, for failing to disclose the MeridianLink breach within the required four-day timeframe.

Yes, you heard us right. The attackers have filed a complaint about the victim.

According to the ALPHV/BlackCat complaint filed with the SEC, reported by DataBreaches.net, the ransomware group breached MeridianLink, accessing its network on November 7 and exfiltrating sensitive data without encrypting systems.

The attackers claim that MeridianLink failed to promptly disclose the incident, violating SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches.

The MeridianLink breach was reported to the SEC by the attackers

Publicly traded companies are subject to SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches. These rules are designed to protect investors and maintain market transparency.

To substantiate their complaint, ALPHV/BlackCat published screenshots on their leak site, demonstrating their submission to the SEC's Tips, Complaints, and Referrals page.

The group also provided a copy of the SEC's acknowledgment of receipt, further supporting their claim of filing the complaint.

In response to the SEC complaint and ALPHV/BlackCat's public disclosure, MeridianLink issued a statement acknowledging the cyberattack.

The company stated that, upon identifying the intrusion, it immediately took steps to contain the threat and engaged cybersecurity experts to investigate the incident.

The effects of the MeridianLink breach are not massive

MeridianLink assured its customers that its investigation had revealed no evidence of unauthorized access to production platforms and that the incident had caused minimal business interruption.

The company also indicated that it was still determining the extent of data exposure and would notify affected parties if necessary.

While ransomware gangs have previously threatened to report breaches and data theft to the SEC, this may be the first publicly confirmed instance of such a complaint being filed.


