MeridianLink breach delivers the funniest moment cyberspace has ever seen

Emre Çitak
Nov 21, 2023
Misc
|
4

A notorious ransomware group known as ALPHV/BlackCat has taken extortion to a new level by filing a complaint with the U.S. Securities and Exchange Commission (SEC) against one of their alleged victims, MeridianLink, for failing to disclose Meridianlink breach within the required four-day timeframe.

Yes, you heard us right. The attackers have filed a complaint about the victim.

According to the ALPHV/BlackCat complaint filed with the SEC, reported by DataBreaches.net, the ransomware group successfully performed the MeridianLink breach, accessing their network on November 7 and exfiltrated sensitive data without encrypting systems.

The attackers claim that MeridianLink failed to promptly disclose the incident, violating SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches.

See the claim below.

Attackers reported the MeridianLink breach to SEC - Image courtesy of DataBreaches.net

The MeridianLink breach got reported to SEC by the attackers

Publicly traded companies are subject to SEC regulations that mandate timely disclosure of material events, including cybersecurity breaches. These rules are designed to protect investors and maintain market transparency.

To substantiate their complaint, ALPHV/BlackCat published screenshots on their leak site, demonstrating their submission to the SEC's Tips, Complaints, and Referrals page.

The group also provided a copy of the SEC's acknowledgment of receipt, further supporting their claim of filing the complaint.

In response to the SEC complaint and ALPHV/BlackCat's public disclosure, MeridianLink issued a statement acknowledging the cyberattack.

The company stated that upon identifying the intrusion, they immediately took steps to contain the threat and engaged cybersecurity experts to investigate the incident.

Read alsoEquifax data breach claims are extended.

The effects of the Meridianlink breach are not massive

MeridianLink assured its customers that their investigation had revealed no evidence of unauthorized access to production platforms and that the incident had caused minimal business interruption.

The company also indicated that they were still determining the extent of data exposure and would notify affected parties if necessary.

While ransomware gangs have previously threatened to report breaches and data theft to the SEC, this may be the first publicly confirmed instance of such a complaint being filed.

Featured image credit: MeridianLink.

Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Tom Hawack said on November 21, 2023 at 4:24 pm
    Reply

    A blend of humor and quest for fame revealed. Money is one thing but showing off who’s the best among ransomware groups is another. Letting the world know must be so gratifying. Funny or not, quite a nerve it is to fill a complaint about the victim when you have in mind the destruction behind. Jerks, smart jerks often, with a kid’s mentality, always, totally disconnected from the basics of human relationships.

    1. bruh said on November 23, 2023 at 5:15 pm
      Reply

      “with a kid’s mentality, always, totally disconnected from the basics of human relationships.”?

      What do you know, seriously? This last statement is totally baseless and pure speculation.

      What’s more childish is not reporting when you have been breached, as a company, it’s their legal obligation to inform their customers and stakeholders of this type of thing.

      1. Tom Hawack said on November 24, 2023 at 10:10 am
        Reply

        Showing up, the quest for fame is relevant of a kid’s mentality, a total lack of compassion is relevant of a disconnection from the very basics of humanity. Of course we have hi-tech attackers who only comply to the latter. To summarize : always jerks and most of the time assholes who like to show up their exploits like others their prison tickets once they get liberated from jail.
        Not reporting when you have been breached is not childish but irresponsible, yet understandable. To understand is one thing, to agree is another. What would each of us do if confronted to such situations ?

  2. bruh said on November 21, 2023 at 3:10 pm
    Reply

    That is hilarious – nice work chat-gpt, you found an article that humans find humorous!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.