MeridianLink breach delivers the funniest moment cyberspace has ever seen
A notorious ransomware group known as ALPHV/BlackCat has taken extortion to a new level by filing a complaint with the U.S. Securities and Exchange Commission (SEC) against one of their alleged victims, MeridianLink, for failing to disclose Meridianlink breach within the required four-day timeframe.
Yes, you heard us right. The attackers have filed a complaint about the victim.
According to the ALPHV/BlackCat complaint filed with the SEC, reported by DataBreaches.net, the ransomware group successfully performed the MeridianLink breach, accessing their network on November 7 and exfiltrated sensitive data without encrypting systems.
The attackers claim that MeridianLink failed to promptly disclose the incident, violating SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches.
See the claim below.
The MeridianLink breach got reported to SEC by the attackers
Publicly traded companies are subject to SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches. These rules are designed to protect investors and maintain market transparency.
To substantiate their complaint, ALPHV/BlackCat published screenshots on their leak site, demonstrating their submission to the SEC's Tips, Complaints, and Referrals page.
The group also provided a copy of the SEC's acknowledgment of receipt, further supporting their claim of filing the complaint.
In response to the SEC complaint and ALPHV/BlackCat's public disclosure, MeridianLink issued a statement acknowledging the cyberattack.
The company stated that upon identifying the intrusion, they immediately took steps to contain the threat and engaged cybersecurity experts to investigate the incident.
Read also: Equifax data breach claims are extended.
The effects of the Meridianlink breach are not massive
MeridianLink assured its customers that their investigation had revealed no evidence of unauthorized access to production platforms and that the incident had caused minimal business interruption.
The company also indicated that they were still determining the extent of data exposure and would notify affected parties if necessary.
While ransomware gangs have previously threatened to report breaches and data theft to the SEC, this may be the first publicly confirmed instance of such a complaint being filed.
Featured image credit: MeridianLink.
Advertisement
A blend of humor and quest for fame revealed. Money is one thing but showing off who’s the best among ransomware groups is another. Letting the world know must be so gratifying. Funny or not, quite a nerve it is to fill a complaint about the victim when you have in mind the destruction behind. Jerks, smart jerks often, with a kid’s mentality, always, totally disconnected from the basics of human relationships.
“with a kid’s mentality, always, totally disconnected from the basics of human relationships.”?
What do you know, seriously? This last statement is totally baseless and pure speculation.
What’s more childish is not reporting when you have been breached, as a company, it’s their legal obligation to inform their customers and stakeholders of this type of thing.
Showing up, the quest for fame is relevant of a kid’s mentality, a total lack of compassion is relevant of a disconnection from the very basics of humanity. Of course we have hi-tech attackers who only comply to the latter. To summarize : always jerks and most of the time assholes who like to show up their exploits like others their prison tickets once they get liberated from jail.
Not reporting when you have been breached is not childish but irresponsible, yet understandable. To understand is one thing, to agree is another. What would each of us do if confronted to such situations ?
That is hilarious – nice work chat-gpt, you found an article that humans find humorous!