therecord.media
2606:4700:4400::ac40:9b4b  Public Scan

Submitted URL: https://search.app/HkovQna6fTZNU8eW7
Effective URL: https://therecord.media/meridianlink-confirms-cyberattack-after-sec-threat
Submission Tags: falconsandbox
Submission: On June 24 via api from US — Scanned from DE

Form analysis 1 forms found in the DOM

<form><span class="text-black text-sm icon-search"></span><input name="s" placeholder="Search…" type="text" value=""><button type="submit">Go</button></form>

Text Content

Image: MeridianLink
Jonathan Greig
November 16th, 2023
 * News
 * Cybercrime
 * Government



MERIDIANLINK CONFIRMS CYBERATTACK AFTER RANSOMWARE GANG CLAIMS TO REPORT COMPANY
TO SEC

Financial software company MeridianLink confirmed that it is dealing with a
cyberattack after the hackers behind the incident took extraordinary measures to
pressure the company into paying a ransom.

MeridianLink, which reported more than $76 million in revenue last quarter,
provides tools to banks, credit unions, mortgage lenders and consumer reporting
agencies in the United States.

This week, the company was added to the leak site of AlphV/Black Cat, a
ransomware gang believed to be based in Russia that has been involved in several
brazen attacks, including the takedown of MGM Resorts.

A spokesperson for MeridianLink confirmed to Recorded Future News that they
recently identified a cybersecurity incident.

“Upon discovery, we acted immediately to contain the threat and engaged a team
of third-party experts to investigate the incident,” the spokesperson said.

“Based on our investigation to date, we have identified no evidence of
unauthorized access to our production platforms, and the incident has caused
minimal business interruption. If we determine that any consumer personal
information was involved in this incident, we will provide notifications, as
required by law.”

The attack drew the interest of security researchers because AlphV claimed on
its leak site that it reported MeridianLink to the Securities and Exchange
Commission (SEC) for not informing the regulator of the incident, which they
claim took place a week ago. AlphV confirmed to DataBreaches.net that it sent
the SEC a notice about the attack.

The ransomware gang later shared a photo of the form it sent the SEC and
erroneously claimed MeridianLink violated the SEC’s much-discussed new reporting
rules, which in fact do not take effect until next month.

If the rules were in effect, the company would have four days from when they
detected a “material” cyber event to report the incident. Companies and
cybersecurity executives continue to debate what the SEC considers “material”
and the SEC plans to release more guidance on the term.

But during a talk at the Aspen Cyber Forum this week, several government
officials confirmed that the rules do not mean that attacks need to be reported
four days after they are discovered, but only after they are considered to have
a significant effect on a company’s bottom line.



An SEC spokesperson declined to comment when asked about the form or whether
MeridianLink needed to report the incident.

The brazen move was the latest extortion tactic used by ransomware gangs in
their attempt to use any means necessary to extract ransoms out of victims.
Another ransomware gang this summer threatened to report companies to European
regulators for alleged violations of the General Data Protection Regulation —
the European Union’s far-reaching privacy law — if they did not pay ransoms.

Jim Doggett, CISO at cybersecurity company Semperis, told Recorded Future News
that the move, while eye-popping, may leave the group in the crosshairs of U.S.
law enforcement agencies.

“Drawing unneeded attention to themselves isn’t wise if they are looking to keep
the gravy train of profitability running,” he said.

Ilia Kolochenko, CEO at application security company ImmuniWeb, noted that
misuse of the new SEC rules to put additional pressure on publicly traded
companies was foreseeable.

“Ransomware actors will likely start filing complaints with other US and EU
regulatory agencies when the victims fail to disclose a breach within the
timeframe provided by law. Having said that, not all security incidents are data
breaches, and not all data breaches are reportable data breaches,” said
Kolochenko, who also serves as an adjunct professor of cybersecurity and law at
Capitol Technology University.

“Therefore, regulatory agencies and authorities should carefully scrutinize such
reports and probably even establish a new rule to ignore reports uncorroborated
with trustworthy evidence, otherwise, exaggerated or even completely false
complaints will flood their systems with noise and paralyze their work.”


Tags
 * Alphv
 * BlackCat
 * financial
 * Ransomware


Jonathan Greig

is a Breaking News Reporter at Recorded Future News. Jonathan has worked across
the globe as a journalist since 2014. Before moving back to New York City, he
worked for news outlets in South Africa, Jordan and Cambodia. He previously
covered cybersecurity at ZDNet and TechRepublic.


© Copyright 2024 | The Record from Recorded Future News