Will More Threat Actors Weaponize Cybersecurity Regulations?

On Nov. 10, MeridianLink discovered a threat actor’s access to a non-privileged user account, according to a statement on the digital lending software company’s website. While a breach like this is not novel, the ransomware group behind the attack made an attention-grabbing move. ALPHV filed a formal complaint with the US Securities and Exchange Commission (SEC), calling MeridianLink out for not disclosing the breach.

The attack took place on Nov. 7, and the ransomware group exfiltrated data, rather than encrypting it, according to databreaches.net. An insider with ALPHV told databreaches.net that MeridianLink was aware of the attack the day that it happened.

The SEC’s new data breach disclosure rule is not set to go into effect until December, but ALPHV’s complaint with the regulatory body may be a new tactic that threat actors adopt as they continue to attack and exploit victims. How should cybersecurity leaders and other enterprise executives be preparing for this possibility?

Read the rest of the story from Information Week here. 

Homeland Security Today

The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

See Full Bio