The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that’s been in operation for two years.
After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency’s website.
Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a “material” impact on their business.
“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules.”
MeridianLink officials declined a request for an interview or to answer questions asking if customer data was breached in a network intrusion or whether a security attack took place that could be considered material.
“Being primarily a Russia-based group, ALPHV will unlikely target organizations based in the Russian Federation or among the rest of the Commonwealth of Independent States (CIS) that make up the former Soviet Union.”
The original article contains 717 words, the summary contains 215 words. Saved 70%. I’m a bot and I’m open source!
So robbers rob a bank and take hostages. Then when nobody shows up or cares, the robbers call the feds to report the bank management for not having made a bigger fuss. The real victims aren’t the bank or the hostages. It’s the poor, ignored bank robbers.
More like robbers rob a bank and take hostages.
They threaten to kill a hostage, but still don’t get any money.
So they threaten to report the bank for not being up to code with an expired fire extinguisher if they don’t get some money.
They know the bank doesn’t give a shit about hostages being killed.
But a few pennies for a minor fine is a threat the bankers really understand.
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]
This is the official technology community of Lemmy.ml for all news related to creation and use of technology, and to facilitate civil, meaningful discussion around it.
Ask in DM before posting product reviews or ads. All such posts otherwise are subject to removal.
Rules:
1: All Lemmy rules apply
2: Do not post low effort posts
3: NEVER post naziped*gore stuff
4: Always post article URLs or their archived version URLs as sources, NOT screenshots. Help the blind users.
5: personal rants of Big Tech CEOs like Elon Musk are unwelcome (does not include posts about their companies affecting wide range of people)
6: no advertisement posts unless verified as legitimate and non-exploitative/non-consumerist
7: crypto related posts, unless essential, are disallowed
What exactly do you want to tell us with those ramblings? Are you getting anywhere with this?
This is the best summary I could come up with:
The pressure tactic came to light in a post published on Wednesday on the dark web site run by AlphV, a ransomware crime syndicate that’s been in operation for two years.
After first claiming to have breached the network of the publicly traded digital lending company MeridianLink, AlphV officials posted a screenshot of a complaint it said it filed with the SEC through the agency’s website.
Under a recently adopted rule that goes into effect next month, publicly traded companies must file an SEC disclosure within four days of learning of a security incident that had a “material” impact on their business.
“It has come to our attention that MeridianLink, in light of a significant breach compromising customer data and operational information, has failed to file the requisite disclosure under item 1.05 of form 8-K within the stipulated four business days, as mandated by the new SEC rules.”
MeridianLink officials declined a request for an interview or to answer questions asking if customer data was breached in a network intrusion or whether a security attack took place that could be considered material.
“Being primarily a Russia-based group, ALPHV will unlikely target organizations based in the Russian Federation or among the rest of the Commonwealth of Independent States (CIS) that make up the former Soviet Union.”
The original article contains 717 words, the summary contains 215 words. Saved 70%. I’m a bot and I’m open source!
Based?
So robbers rob a bank and take hostages. Then when nobody shows up or cares, the robbers call the feds to report the bank management for not having made a bigger fuss. The real victims aren’t the bank or the hostages. It’s the poor, ignored bank robbers.
Is that what’s going on?
More like robbers rob a bank and take hostages. They threaten to kill a hostage, but still don’t get any money. So they threaten to report the bank for not being up to code with an expired fire extinguisher if they don’t get some money.
They know the bank doesn’t give a shit about hostages being killed. But a few pennies for a minor fine is a threat the bankers really understand.
R A M S O M W A R E
*Mandatory unannounced regulation-compliance checking group