🔒 SEC Complaint by Ransomware Group
A ransomware gang has complained to the SEC, claiming a victim didn't report a data breach they caused.
💻 MeridianLink's Alleged Breach
MeridianLink, a digital lending solutions provider, is said to be compromised by Alphv and BlackCat ransomware groups.
🖥️ Threat of Data Release
The cybercriminals claim to have stolen substantial data and are threatening its release unless a ransom is paid.
⏱️ Reporting Delay Accusations
MeridianLink is accused of not reporting the breach within the required four-day period, leading to a complaint by the hackers to the SEC.
📸 SEC Receives Complaint Evidence
BlackCat has shown proof that the SEC received their complaint about MeridianLink.
🚨 First SEC Complaint by Ransomware Group
This incident marks the first time a ransomware group has filed an SEC complaint against a victim.
📅 Discrepancies in Attack Dates
There's a conflict in reported dates of the hack, with the hackers and MeridianLink providing different timelines.
🔍 MeridianLink’s Investigation and Response
MeridianLink claims rapid action was taken, with minimal business disruption and no evidence of unauthorized access to production platforms.
📜 New SEC Regulations
New SEC data breach disclosure rules will be effective from mid-December 2023, with companies required to report relevant cybersecurity events within four days.