A hacking group deployed a surprising tactic after infiltrating a financial software company’s network. They reported the breach to the US Securities and Exchange Commission (SEC).
DataBreaches.net initially reported on the incident, which was conducted by ALPHV / BlackCat, a group known for infiltrating entities as diverse as MGM Resorts and Reddit. The hackers reportedly breached the servers of fintech company MeridianLink on November 7, stealing company data without encrypting it. However, when the business neglected to negotiate directly, the hackers increased the pressure by filing a report with the SEC.
They did so citing a new rule the SEC passed this summer, which requires companies falling victim to “material cybersecurity incidents” to report them to the agency within four business days.
However, the four-day requirement may not have taken effect yet. At least one official form claims the rule kicked in 90 days after the date of publication in the Federal Register (they appear to h