ALPHV/Black Cat Reported Victim MeridianLink to SEC for Failing to Disclose Data Breach

European phishing gang busted up, Healthcare outfit PJ&A reports breach affecting 9m patients, Pharmacy Truepill reports breach affecting 2.3m patients, Samsung hit by third breach, much more

Photo by Tasos Mansour on Unsplash

The APHV ransomware gang, also known as BlackCat, added and removed MeridianLink, a loan origination system and digital lending platform for financial institutions, to its leak site and, apparently out of frustration over the lack of response from the company, reported its victim for not disclosing its breach to the Securities and Exchange Commission via the agency’s Tips, Complaints, and Referrals Page.

Earlier this year, the SEC adopted new rules requiring publicly traded entities to report data breaches within four days. Those rules, however, don’t go into effect until December 15. ALPHV claims its attack occurred on November 7, when MeridianLink became aware of it.

But ALPHV wrote to the SEC, “We want to bring to your attention a concerning issue regarding MeridianLink’s compliance with the recently adopted…