BleepingComputer reports that U.S. financial software firm MeridianLink has been snitched on by the ALPHV/BlackCat ransomware operation in a complaint filed with the U.S. Securities and Exchange Commission, alleging the company's failure to disclose a purported cyberattack within the SEC's four-day breach notification limit.
MeridianLink had its network infiltrated and corporate data stolen on Nov. 7 but the company's silence regarding the incident may have prompted further action from ALPHV/BlackCat, which noted in its SEC complaint that the firm was affected by a "significant breach" that has not been reported within four business days after the attack, while posting proof that its complaint was received by the SEC.
However, such an incident reporting period has been introduced in new SEC rules that will only be effective beginning Dec. 15.
MeridianLink has already confirmed the incident and while an investigation into potential personal data exfiltration is underway, it noted that there has been no evidence suggesting any production platform compromise.
Ransomware, Government Regulations
ALPHV/BlackCat boosts extortion efforts with SEC complaint
An In-Depth Guide to Ransomware
Get essential knowledge and practical strategies to protect your organization from ransomware attacks.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds