CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?



Ransomware Group Files SEC Complaint Over Victim’s Failure to Disclose Data Breach

Alphv/BlackCat ransomware group files SEC complaint against MeridianLink over its failure to disclose an alleged data breach caused by the hackers.

Ransomware Attack SEC complaint

A notorious ransomware group has filed a complaint with the US Securities and Exchange Commission (SEC) over the failure of a victim to disclose an alleged data breach resulting from an attack conducted by the cybercrime gang itself.

The ransomware group known as Alphv and BlackCat claims to have breached the systems of MeridianLink, a California-based company that provides digital lending solutions for financial institutions and data verification solutions for consumers.

The cybercriminals claim to have stolen a significant amount of customer data and operational information belonging to MeridianLink, and they are threatening to leak it unless a ransom is paid.

In an apparent effort to increase its chances of getting paid, the malicious hackers claim to have filed a complaint with the SEC against MeridianLink, accusing the company of failing to disclose the breach within four business days, as required by rules announced by the agency in July. 

BlackCat published screenshots on its leak website on November 15 to show that the complaint has been filed and received by the SEC. 

Complaint filed with the SEC against MeridianLink
Screenshot showing the complaint filed with the SEC against MeridianLink

This appears to be the first time a ransomware group has filed an SEC complaint against one of its victims. 

The hackers told that the attack against MeridianLink — which allegedly did not involve file-encrypting ransomware, only data theft — was conducted on November 7 and it was discovered the same day. 

However, MeridianLink told that the intrusion occurred on November 10.

“Upon discovery on the same day, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident. Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption,” the company said, adding that it cannot share further details due to its ongoing investigation. 

Advertisement. Scroll to continue reading.

It’s worth pointing out that the new SEC data breach disclosure rules will only go into effect in mid-December 2023. In addition, companies will be required to notify the SEC within four business days of determining that a cybersecurity incident is material to investors, which, based on MeridianLink’s statement, has yet to happen.

Contacted by SecurityWeek, an SEC spokesperson declined to comment.

BlackCat has been one of the most active ransomware operations and it’s not uncommon for the group to try new methods for convincing targets to pay up, including by setting up dedicated leak websites for individual victims. 

*updated to say that the SEC declined to comment

Related: BlackCat Ransomware Targets Industrial Companies

Related: Western Digital Confirms Ransomware Group Stole Customer Information

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.


As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.


Expert Insights

Related Content


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.


Several major organizations are confirming impact from the latest zero-day exploits hitting Fortra's GoAnywhere software.

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Data Breaches

KFC and Taco Bell parent company Yum Brands says personal information was compromised in a January 2023 ransomware attack.


US payments giant NCR has confirmed being targeted in a ransomware attack for which the BlackCat/Alphv group has taken credit.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.