Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
  • AI
  • Tech
  • Cybersecurity
  • Finance
  • DeFi & Blockchain
  • Startups
  • Gaming
Dataconomy
  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
Subscribe
No Result
View All Result
Dataconomy
No Result
View All Result

SEC pulled into MeridianLink breach by hackers’ complaint

What's really wild is hackers filed a complaint with a big government agency, the SEC, saying MeridianLink didn't follow the rules about telling people quickly when they get hacked

byKerem Gülen
November 21, 2023
in Cybersecurity

The MeridianLink breach has taken a dramatic turn, showcasing the evolving strategies of cybercriminals in the digital age. The ALPHV/BlackCat ransomware group, known for their sophisticated extortion tactics, has now filed a formal complaint with the U.S. Securities and Exchange Commission. This bold move accuses MeridianLink, a prominent software company, of failing to comply with the strict four-day rule mandated for disclosing cyberattacks.

In a recent development, MeridianLink, known for its digital solutions catering to financial institutions like banks, credit unions, and mortgage lenders, found itself spotlighted on the threat actor’s data leak site.

The stakes are high: the group has issued an ultimatum to MeridianLink, demanding a ransom within 24 hours to prevent the release of the purportedly stolen data. This MeridianLink breach marks a significant escalation in the tactics employed by ransomware operators, showcasing their growing audacity in targeting major, publicly traded companies.

Stay Ahead of the Curve!

Don't miss out on the latest insights, trends, and analysis in the world of data, technology, and startups. Subscribe to our newsletter and get exclusive content delivered straight to your inbox.

Delving deeper into the MeridianLink breach, we uncover more layers of this cybersecurity crisis. DataBreaches.net reports that ALPHV, also known as BlackCat, claims to have infiltrated MeridianLink’s network on November 7. Their strategy diverged from the typical ransomware playbook: instead of encrypting the company’s systems, they purportedly opted to exfiltrate sensitive data.

meridianlink breach
The MeridianLink breach has taken a dramatic turn, showcasing the evolving strategies of cybercriminals (Image credit)

In a twist of events, the ransomware group expressed that while MeridianLink seemingly initiated contact, no substantial communication had occurred regarding a potential ransom for the alleged stolen data. This apparent silence from MeridianLink may have spurred the cybercriminals to adopt a more aggressive stance. They escalated matters by lodging a complaint with the U.S. Securities and Exchange Commission (SEC), accusing MeridianLink of failing to disclose a cybersecurity incident that compromised vital customer data and operational information.

To lend credibility to their claims, ALPHV went as far as to display a screenshot on their website, showcasing the filled-out form on the SEC’s Tips, Complaints, and Referrals page. In their communication to the SEC, the attackers labeled the incident a “significant breach,” alleging MeridianLink’s non-compliance with the disclosure requirements outlined in Form 8-K, under Item 1.05.


Canada data breach exposes government personnel information


This situation echoes a broader context of escalating cybersecurity threats in the U.S. In response to a surge in such incidents like MeridianLink breach, the SEC has implemented new regulations. These rules mandate that publicly traded companies promptly report cyberattacks that could materially influence investment decisions. The MeridianLink breach not only highlights the evolving tactics of ransomware groups but also underscores the critical importance of timely and transparent disclosure.

The new SEC rule stipulates that such incidents must be reported within four business days after a company recognizes the materiality of the breach.

However, there’s a critical timeline to consider. Reuters highlighted in early October that these new SEC cybersecurity rules are slated to become effective on December 15, 2023. This detail adds a layer of complexity to the MeridianLink situation.

Further intensifying the drama, ALPHV has showcased on their site the SEC’s acknowledgment of their complaint against MeridianLink. This move is a clear effort by the ransomware group to prove the legitimacy of their submission and to demonstrate that their actions have tangible repercussions in the regulatory sphere.

MeridianLink breach is officialy confirmed

In a recent development, MeridianLink has acknowledged the cyberattack. Addressing BleepingComputer, the company detailed its immediate response to the incident, highlighting swift actions to contain the threat and the involvement of third-party cybersecurity experts to conduct a thorough investigation.

MeridianLink is currently in the process of assessing whether any consumer personal information was compromised during the cyberattack. The company assures that it will inform affected individuals if any personal data was indeed impacted.

meridianlink breach
MeridianLink breach is officialy confirmed (Image credit)

In a reassuring statement, MeridianLink conveyed, “Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption.”

This scenario marks a significant moment in the landscape of ransomware and extortion tactics. While many cybercriminal groups have previously threatened to report breaches to the SEC, this incident involving MeridianLink may be the first public acknowledgment of such a report actually being made.

Historically, ransomware actors have applied pressure on their victims in various ways, including notifying the victims’ customers about the breach or directly intimidating the victim through phone calls. The move by ALPHV to file a complaint with the SEC represents a novel and more formal escalation in the strategies employed by these cyber extortionists.


Featured image credit: Kerem Gülen/Midjourney

Tags: Data BreachFeatured

Related Posts

Free and effective anti-robocall tools are now available

Free and effective anti-robocall tools are now available

October 3, 2025
WestJet cyberattack: 1.2m passengers’ data stolen

WestJet cyberattack: 1.2m passengers’ data stolen

October 2, 2025
Wiz: AI vibe coding leads to insecure authentication

Wiz: AI vibe coding leads to insecure authentication

September 29, 2025
DHS uses AI to detect AI-generated child abuse material

DHS uses AI to detect AI-generated child abuse material

September 29, 2025
Salesforce Agentforce hit by Noma “ForcedLeak” exploit

Salesforce Agentforce hit by Noma “ForcedLeak” exploit

September 26, 2025
Co-op Group reports £75m loss after April cyber-attack

Co-op Group reports £75m loss after April cyber-attack

September 25, 2025

LATEST NEWS

ChatGPT reportedly reduces reliance on Reddit as a data source

Perplexity makes Comet AI browser free, launches background assistant and Chess.com partnership

Light-powered chip makes AI computation 100 times more efficient

Free and effective anti-robocall tools are now available

Choosing the right Web3 server: OVHcloud options for startups to enterprises

Z.AI GLM-4.6 boosts context window to 200K tokens

Dataconomy

COPYRIGHT © DATACONOMY MEDIA GMBH, ALL RIGHTS RESERVED.

  • About
  • Imprint
  • Contact
  • Legal & Privacy

Follow Us

  • News
    • Artificial Intelligence
    • Cybersecurity
    • DeFi & Blockchain
    • Finance
    • Gaming
    • Startups
    • Tech
  • Industry
  • Research
  • Resources
    • Articles
    • Guides
    • Case Studies
    • Glossary
    • Whitepapers
  • Newsletter
  • + More
    • Conversations
    • Events
    • About
      • About
      • Contact
      • Imprint
      • Legal & Privacy
      • Partner With Us
No Result
View All Result
Subscribe

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy Policy.