Ransomware Group Reports Victim to SEC
Thursday, November 16, 2023
However, the move by BlackCat may be intended more as a warning to other victims than a genuine attempt to pressure MeridianLink into paying. The new SEC reporting rules don’t officially kick in until December 15 this year.
ImmuniWeb chief architect, Ilia Kolochenko, warned that disclosures to regulatory agencies in the US and EU could become more frequent going forward, increasing the jeopardy for publicly listed firms.
“Victims of data breaches should urgently consider revising their digital forensics and incident response (DFIR) strategies by inviting corporate jurists and external law firms specialized in cybersecurity to participate in the creation, testing, management and continuous improvement of their DFIR plan,” he argued.
“Many large organizations still have only technical people managing the entire process, eventually triggering such undesirable events as criminal prosecution of CISOs and a broad spectrum of legal ramifications for the entire organization. Transparent, well-thought out and timely response to a data breach can save millions.”
A MeridianLink statement republished on X claimed that the firm discovered an incident on November 10 and “acted immediately to contain the threat.” Read Full Article
Tech Monitor: BlackCat hacks company, reports victim to SEC