Security News > 2023 > November > Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
Hackers snitch to the SEC. According to DataBreaches.net, the ALPHV ransomware gang said they breached MeridianLink's network on November 7 and stole company data without encrypting systems.
The ransomware actor said that "It appears MeridianLink reached out, but we are yet to receive a message on their end" to negotiate a payment in exchange for not leaking the supposedly stolen data.
The alleged lack of response from the company likely prompted the hackers to exert more pressure by sending a complaint to the U.S. Securities and Exchange Commission about MeridianLink not disclosing a cybersecurity incident that impacted "Customer data and operational information."
ALPHV also provided on their site the reply they received from the SEC to the complaint against MeridianLink, to show that the submission was received.
Seiko says ransomware attack exposed sensitive customer data.
News URL
Related news
- Tech giant Nidec confirms data breach following ransomware attack (source)
- Henry Schein discloses data breach a year after ransomware attack (source)
- Black Basta ransomware poses as IT support on Microsoft Teams to breach networks (source)
- Fog ransomware targets SonicWall VPNs to breach corporate networks (source)
- LA housing authority confirms breach claimed by Cactus ransomware (source)
- Helldown ransomware exploits Zyxel VPN flaw to breach networks (source)