MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC

Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million in revenue last quarter, provides tools to banks, credit unions, mortgage lenders and consumer reporting agencies in the United States. This week, the company was added to the leak site of AlphV/Black Cat, a ransomware gang believed to be based in Russia that has been involved in several brazen attacks, including the takedown of MGM Resorts. A spokesperson for MeridianLink confirmed to Recorded Future News that they recently identified a cybersecurity incident. "Upon discovery, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident," the spokesperson said. "Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption. If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law." The attack drew the interest of security researchers because AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission for not informing the regulator of the incident, which they claim took place a week ago. AlphV confirmed to DataBreaches.net that it sent the SEC a notice about the attack. The ransomware gang later shared a photo of the form it sent the SEC and erroneously claimed MeridianLink violated the SEC's much-discussed new reporting rules, which in fact do not take effect until next month. If the rules were in effect, the company would have four days from when they detected a "Material" cyber event to report the incident. Companies and cybersecurity executives continue to debate what the SEC considers "Material" and the SEC plans to release more guidance on the term. During a talk at the Aspen Cyber Forum this week, several government officials confirmed that the rules do not mean that attacks need to be reported four days after they are discovered, but only after they are considered to have a significant effect on a company's bottom line. ALPHV BlackCat allegedly files SEC complaint against MeridanLink for failure to file a cybersecurity incident. A SEC spokesperson declined to comment when asked about the form or whether MeridianLink needed to report the incident. Another ransomware gang this summer threatened to report companies to European regulators for alleged violations of the General Data Protection Regulation - the European Union's far-reaching privacy law - if they did not pay ransoms. Jim Doggett, CISO at cybersecurity company Semperis, told Recorded Future News that the move, while eye-popping, may leave the group in the crosshairs of U.S. law enforcement agencies. Ilia Kolochenko, CEO at application security company ImmuniWeb, noted that misuse of the new SEC rules to put additional pressure on publicly traded companies was foreseeable. "Ransomware actors will likely start filing complaints with other US and EU regulatory agencies when the victims fail to disclose a breach within the timeframe provided by law. Having said that, not all security incidents are data breaches, and not all data breaches are reportable data breaches," said Kolochenko, who also serves as an adjunct professor of cybersecurity and law at Capitol Technology University. "Therefore, regulatory agencies and authorities should carefully scrutinize such reports and probably even establish a new rule to ignore reports uncorroborated with trustworthy evidence, otherwise, exaggerated or even completely false complaints will flood their systems with noise and paralyze their work." Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia.

This Cyber News was published on therecord.media. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC

MeridianLink confirms cyberattack after ransomware gang claims to report company to SEC - Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom. MeridianLink, which reported more than $76 million ...
1 year ago Therecord.media
10 Best Ransomware Protection Tools - 2025 - It protects devices from ransomware and other cyber threats using advanced threat intelligence, behavioral analysis, and cloud-based technology. It monitors and prevents ransomware assaults on personal files and automatically restores encrypted ...
3 months ago Cybersecuritynews.com
10 Best Ransomware File Decryptor Tools in 2025 - Kaspersky Rakhni Decryptor contains different decryption tools based on various versions of Rakhni ransomware and helps you decrypt encrypted files on your system. PyLocky Ransomware Decryption Tool is a free and open source developed and released by ...
1 month ago Cybersecuritynews.com
Waiting for the BlackCat rebrand - We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. While the Tor onion domain seizure was a ...
1 year ago Bleepingcomputer.com Medusa Cuba STORMOUS
CVE-2023-52998 - In the Linux kernel, the following vulnerability has been resolved: ...
2 months ago
BlackCat Ransomware Group Reports Victim to SEC - A prolific ransomware group appears to have reported one of its victims to the US Securities and Exchange Commission, in a bid to pressure payment. BlackCat/ALPHV said it compromised digital lending solutions provider MeridianLink on November 7, but ...
1 year ago Infosecurity-magazine.com
Guardians of Finance: loanDepot Confronts Alleged Ransomware Offensive - Among the leading lenders in the United States, loanDepot has confirmed that the cyber incident it announced over the weekend was a ransomware attack that encrypted data. In the United States, LoanDepot is one of the biggest nonbank mortgage lenders. ...
1 year ago Cysecurity.news
The Week in Ransomware - An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries. The threat actors are said to be affiliates of numerous ransomware ...
1 year ago Bleepingcomputer.com Qilin Cactus Black Basta
Ransomware Groups Gain Clout With False Attack Claims - The cybersecurity community is getting duped by fake breach claims from ransomware groups, experts say - and ransomware misinformation is a threat they predict will only grow in the coming months. The cybersecurity community should know that ...
1 year ago Darkreading.com
HTC Global Services confirms cyberattack after data leaked online - IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data. HTC Global Services is a managed service provider offering ...
1 year ago Bleepingcomputer.com Scattered Spider
The Week in Ransomware - Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. The FBI revealed this week that they hacked the BlackCat/ALPHV ...
1 year ago Bleepingcomputer.com LockBit Akira Noescape
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
11 months ago Bleepingcomputer.com Blacksuit
BlackSuit ransomware gang claims attack on KADOKAWA corporation - The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. KADOKAWA is a Japanese media conglomerate that operates numerous companies in film, publishing, ...
11 months ago Bleepingcomputer.com Blacksuit
Kraft Heinz investigates hack claims, says systems 'operating normally' - Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site. Kraft Heinz is one of the world's largest food and beverage companies, with ...
1 year ago Bleepingcomputer.com Qilin Snatch
Targeting homeowners' data - As these companies obtain a large amount of sensitive information from their customers, they become attractive targets for ransomware gangs to conduct double-extortion attacks. Finland is also warning of Akira ransomware increasingly targeting ...
1 year ago Bleepingcomputer.com LockBit Akira
The Week in Ransomware - Today's column brings you two weeks of information on the latest ransomware attacks and research after we skipped last week's article. BleepingComputer has learned that some of the BlackCat/ALPHV affiliates are not buying the explanation and have ...
1 year ago Bleepingcomputer.com LockBit Qilin Noescape
The Top 10 Ransomware Groups of 2023 - This article takes an in-depth look at the rise in ransomware attacks over the past year and the criminal groups driving the surge in cyber extortion. LockBit has established itself as one of the most notorious ransomware operations since emerging on ...
1 year ago Securityboulevard.com TA505 8base LockBit BianLian Medusa Noescape Black Basta
Hive Ransomware: A Detailed Analysis - This past week, on January 26th, to be exact, the FBI successfully shut down the Hive ransomware group and saved victims over a hundred million dollars in ransom payments and remediation costs. As ransomware continues to be a national security threat ...
2 years ago Heimdalsecurity.com LockBit
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs - Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang. The 3AM ransomware gang's activity was first ...
1 year ago Bleepingcomputer.com Blacksuit LockBit Threeam
CISOs on alert following SEC charges against SolarWinds - While the outcome of the Security and Exchange Commission's complaint against SolarWinds remains to be seen, infosec experts say the charges are likely to have a major impact on the role of the CISO going forward. In late October, the SEC charged ...
1 year ago Techtarget.com
Why a ransomware gang tattled on its victim, with Allan Liska: Lock and Code S04E24 - Like the grade-school dweeb who reminds their teacher to assign tonight's homework, or the power-tripping homeowner who threatens every neighbor with an HOA citation, the ransomware group ALPHV can now add itself to a shameful roster of pathetic, ...
1 year ago Malwarebytes.com Meow
Black Basta ransomware made over $100 million from extortion - Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic. Over 329 victims ...
1 year ago Bleepingcomputer.com Carbanak FIN7 Qilin Black Basta
Ransomware Roundup - The Ransomware Roundup report aims to provide readers with brief insights into the evolving ransomware landscape and the Fortinet solutions that protect against those variants. This edition of the Ransomware Roundup covers the 8base ransomware. 8base ...
1 year ago Feeds.fortinet.com 8base
Nissan Australia cyberattack claimed by Akira ransomware gang - Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. In a new entry added to the operation's date leak blog on December 22, Akira says that its operators ...
1 year ago Bleepingcomputer.com Akira Qilin
Biden veto waiting for bill to kill SEC breach report rule The Register - The Biden administration has expressed to congressional representatives its strong opposition to undoing the Securities and Exchange Commission's strict data breach reporting rule. The joint resolution, along with House Joint Resolution 100, ...
1 year ago Go.theregister.com