CATEGORIES
home News

Ransomware Gang Adds Insult To Injury By Reporting Victim's Security Breach To The SEC

by Nathan OrdThursday, November 16, 2023, 12:02 PM EDT
blackcat alphv ransomware group files sec complaint against victim for not reporting
Ransomware gang BlackCat, otherwise known as ALPHV, is after the public spotlight following the Reddit data breach debacle earlier this year. Now, the group has breached another organization with MeridianLink and is causing a stir by filing a complaint with the Securities and Exchange Commission (SEC) to try and spur action. While this may seem amusing at first pass, it is quite concerning, especially given some of the group’s other tactics.

Yesterday, ALPHV posted that it had breached MeridianLink, a software-as-a-service (SaaS) company in the financial sector whose products power digital loan management, among other solutions. That initial post was seemingly taken down and replaced with what surmounts to a scare tactics blog post explaining that the group is giving MeridianLink 24 hours to pay up or have the compromised data published on the group’s Tor website.

report blackcat alphv ransomware group files sec complaint against victim for not reporting

ALPHV also notes that given SEC rules regarding the disclosure of cybersecurity incidents, the group has filed a complaint with the commission. The blog post explains that “SEC rules mandates public companies to promptly disclose material cybersecurity incidents under Item 1.05 of Form 8-K within four business days of determining such incidents to be material.” The group subsequently claims that MeridianLink did not follow this new rule and, as such, “reported this non-compliance.”

Despite ALPHV’s SEC complaint and statement, it is unclear whether the new reporting rules are in effect at the time of writing. According to the Federal Register’s published final rule from the SEC, “With respect to compliance with the incident disclosure requirements in Item 1.05 of Form 8–K and in Form 6–K, all registrants other than smaller reporting companies must begin complying on DECEMBER 18, 2023.” The other time frame for when Form 8-K would go into effect would be 90 days from publication in the Federal Register, which is on December 2nd given the effective date of September 5th, or September 2nd given a publication date of August 4th.

dox blackcat alphv ransomware group files sec complaint against victim for not reporting
Item 1: Email Address, Item 2: Name, Item 3: Phone Number

In any event, this demarcates a new type of thuggery and hooliganism from threat actors trying to push victims into paying up or facing the wrath of Uncle Sam. This may not be how the system was intended to be used, but we are here now. Moreover, it would appear that ALPHV has also published the contact details of Meridian’s CISO, CEO, wife of the CEO, and son of the CEO as part of this campaign. That is pretty despicable, as even though stakeholders have a right to know about a breach, it shouldn’t necessarily come at the cost of being doxxed.
Tags:  security, SEC, cybersecurity, Ransomware
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment