Ransomware gang files SEC complaint over victim’s undisclosed breach
I just had to make this one the lead story today. It’s the audacity of it for me.
Step 1: hack into a company.
Step 2: demand ransom.
Step 3: Get pissed at the lack of ransom payment.
Step 4: Tell SEC your victim isn’t complying with the new breach disclosure rule.
Alphv/BlackCat claims they breached MeridianLink's systems, stealing customer and operational data. They're now leveraging an SEC complaint to pressure the company into acknowledging the breach.
The company, MeridianLink, confirmed the attack. They say they've contained the threat and engaged experts for investigation.
“Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption.”
We’ve seen extortion techniques leveling up but this is a first. I’m guessing it won’t be the last.
