MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC

Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million in revenue last quarter, provides tools to banks, credit unions, mortgage lenders and consumer reporting agencies in the United States. This week, the company was added to the leak site of AlphV/Black Cat, a ransomware gang believed to be based in Russia that has been involved in several brazen attacks, including the takedown of MGM Resorts. A spokesperson for MeridianLink confirmed to Recorded Future News that they recently identified a cybersecurity incident. "Upon discovery, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident," the spokesperson said. "Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption. If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law." The attack drew the interest of security researchers because AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission for not informing the regulator of the incident, which they claim took place a week ago. AlphV confirmed to DataBreaches.net that it sent the SEC a notice about the attack. The ransomware gang later shared a photo of the form it sent the SEC and erroneously claimed MeridianLink violated the SEC's much-discussed new reporting rules, which in fact do not take effect until next month. If the rules were in effect, the company would have four days from when they detected a "Material" cyber event to report the incident. Companies and cybersecurity executives continue to debate what the SEC considers "Material" and the SEC plans to release more guidance on the term. During a talk at the Aspen Cyber Forum this week, several government officials confirmed that the rules do not mean that attacks need to be reported four days after they are discovered, but only after they are considered to have a significant effect on a company's bottom line. ALPHV BlackCat allegedly files SEC complaint against MeridanLink for failure to file a cybersecurity incident. A SEC spokesperson declined to comment when asked about the form or whether MeridianLink needed to report the incident. Another ransomware gang this summer threatened to report companies to European regulators for alleged violations of the General Data Protection Regulation - the European Union's far-reaching privacy law - if they did not pay ransoms. Jim Doggett, CISO at cybersecurity company Semperis, told Recorded Future News that the move, while eye-popping, may leave the group in the crosshairs of U.S. law enforcement agencies. Ilia Kolochenko, CEO at application security company ImmuniWeb, noted that misuse of the new SEC rules to put additional pressure on publicly traded companies was foreseeable. "Ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law. Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches," said Kolochenko, who also serves as an adjunct professor of cybersecurity and law at Capitol Technology University. "Therefore, regulatory agencies and authorities should carefully scrutinize such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work." Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.

This Cyber News was published on therecord.media. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC

MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC - Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million ...
11 months ago Therecord.media
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
8 months ago Bleepingcomputer.com
BlackCat Ransomware Group Reports Victim to SEC - A prolific ransomware group appears to have reported one of its victims to the US Securities and Exchange Commission, in a bid to pressure payment. BlackCat/ALPHV said it compromised digital lending solutions provider MeridianLink on November 7, but ...
11 months ago Infosecurity-magazine.com
Guardians of Finance: loanDepot Confronts Alleged Ransomware Offensive - Among the leading lenders in the United States, loanDepot has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data. In the United States, LoanDepot is one of the biggest nonbank mortgage lenders. ...
10 months ago Cysecurity.news
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
11 months ago Bleepingcomputer.com
HTC Global Services confirms cyberattack after data leaked online - IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering ...
11 months ago Bleepingcomputer.com
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
9 months ago Darkreading.com
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
10 months ago Bleepingcomputer.com
Kraft Heinz investigates hack claims, says systems 'operating normally' - Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site. Kraft Heinz is one of the world's largest food and beverage companies, with ...
11 months ago Bleepingcomputer.com
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
10 months ago Bleepingcomputer.com
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
4 months ago Bleepingcomputer.com
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
4 months ago Bleepingcomputer.com
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
11 months ago Bleepingcomputer.com
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
10 months ago Securityboulevard.com
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
1 year ago Heimdalsecurity.com
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
10 months ago Bleepingcomputer.com
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
10 months ago Techtarget.com
Nissan Australia cyberattack claimed by Akira ransomware gang - Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. In a new entry added to the operation's date leak blog on December 22, Akira says that its operators ...
10 months ago Bleepingcomputer.com
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
11 months ago Bleepingcomputer.com
Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24 - Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, ...
11 months ago Malwarebytes.com
Biden veto waiting for bill to kill SEC breach report rule The Register - The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The joint resolution, along with House Joint Resolution 100, ...
9 months ago Go.theregister.com
BlackCat ransomware claims breach of healthcare giant Henry Schein - The BlackCat ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information. Henry Schein is a healthcare solutions provider and a Fortune 500 ...
11 months ago Bleepingcomputer.com
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
10 months ago Feeds.fortinet.com
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems - U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal. Mr. Cooper is a mortgage lending company based out of Dallas, Texas, that employs ...
11 months ago Bleepingcomputer.com
Understanding Each Link of the Cyberattack Impact Chain - It's often difficult to fully appreciate the impact of a successful cyberattack. Other consequences aren't so obvious - from a loss of customer trust and potential business to stolen data that may surface as part of another cyberattack years later. ...
11 months ago Securityboulevard.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)