Article 6GEJF Ransomware group reports victim it breached to SEC regulators

Ransomware group reports victim it breached to SEC regulators

by
Dan Goodin
from Ars Technica - All content on (#6GEJF)
ransomware-800x600.jpeg

Enlarge (credit: Getty Images)

One of the world's most active ransomware groups has taken an unusual-if not unprecedented-tactic to pressure one of its victims to pay up: reporting the victim to the US Securities and Exchange Commission.

The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that's been in operation for two years. After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency's website. Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a material" impact on their business.

We want to bring to your attention a concerning issue regarding MeridianLink's compliance with the recently adopted cybersecurity incident disclosure rules," AlphV officials wrote in the complaint. It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules."

Read 10 remaining paragraphs | Comments

External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments