ALPHV/BlackCat boosts extortion efforts with SEC complaint

BleepingComputer reports that U.S. financial software firm MeridianLink has been snitched on by the ALPHV/BlackCat ransomware operation in a complaint filed with the U.S. Securities and Exchange Commission, alleging the company's failure to disclose a purported cyberattack within the SEC's four-day breach notification limit. MeridianLink had its network infiltrated and corporate data stolen on Nov. 7 but the company's silence regarding the incident may have prompted further action from ALPHV/BlackCat, which noted in its SEC complaint that the firm was affected by a "significant breach" that has not been reported within four business days after the attack, while posting proof that its complaint was received by the SEC. However, such an incident reporting period has been introduced in new SEC rules that will only be effective beginning Dec. 15. MeridianLink has already confirmed the incident and while an investigation into potential personal data exfiltration is underway, it noted that there has been no evidence suggesting any production platform compromise.