Tag Archive for: complaint

In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack


Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange Commission complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.

AlphV/BlackCat listed the software company on its data leak site with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.


Ransomware gang files SEC complaint against company that refused to negotiate


The BlackCat ransomware gang has begun abusing upcoming US Securities and Exchange Commission (SEC) cyber incident reporting rules to put pressure on organizations that refuse to negotiate ransom payments. The attackers filed an SEC complaint against one victim already, in a move that’s likely to become a common practice once the new regulations go into effect in mid-December.

On Wednesday, cybercriminals behind the BlackCat ransomware, also known as ALPHV, listed MeridianLink, a provider of digital lending solutions to financial institutions, on its data leak website that’s used to publicly name and shame companies the group allegedly compromised. Most ransomware gangs have adopted this double extortion tactic in recent years to force the hand of uncooperating victims by threatening to sell or release data the attackers managed to steal.

In fact, some cybercriminal groups sometimes don’t even bother deploying file-encrypting malware and go straight to data leak blackmail. This seems to have been the case with BlackCat and MeridianLink, according to DataBreaches.net, which reported speaking with the attackers. The breach reportedly happened on November 7 and only involved data exfiltration.

After an initial contact by someone representing the company, communications went silent, the attackers said. As a result, on November 15 the group listed the organization on their data leak blog but took it one step further: It filed a complaint with the SEC for failure to disclose what the group calls “a significant breach compromising customer data and operational information” using Form 8-K, under Item 1.05.

New SEC rules require reporting of material breaches

The new SEC cybersecurity reporting rules that will go into effect on December 15 require US-listed companies to disclose cybersecurity incidents that impact the company’s financial condition and its operations within four business days after determining such an incident occurred and had a material impact. “Whether a company loses a factory in a fire — or millions of files in a cybersecurity incident — it may be material to investors,” SEC Chair Gary Gensler said back in July when the Commission…


NPC Says PhilHealth Hacking Victims Can File Complaint; Warns Against Resharing Of Leaked Data


The National Privacy Commission said people can claim damages if proven affected by the Medusa ransomware attack on the Philippine Health Insurance Corp.

Individuals who had their personal data stolen in the Medusa ransomware attack on the Philippine Health Insurance Corp. (PhilHealth) can file a complaint before the National Privacy Commission.

NPC Public Information and Assistance Division chief Roren Marie Chin said on Tuesday, Oct. 10, people who think their personal data had been compromised in the successful ransomware attack on PhilHealth can file their individual complaint before the commission.

“Individuals affected may file a complaint to NPC and if proven, they can claim damages,” Chin said.

She added their investigation of the complaint would determine the damage claims that can be awarded.

Warning

The NPC has also issued a warning against the resharing of leaked data from the PhilHealth ransomware attack.

“It has come to our attention that the personal data exfiltrated from PhilHealth is being shared illicitly. We want to emphasize the gravity of this situation and the severe consequences that await anyone involved in processing, downloading or sharing this data without legitimate purpose or without authorization,” the NPC said in a statement on Tuesday.

“In unequivocal terms, the NPC issues a stern warning to the public: Any individual or organization found to process, download or share the exfiltrated data from PhilHealth will be held accountable for unauthorized processing of personal information and may face criminal charges,” it stated.

The Privacy Commission emphasized that under Section 25 of the Data Privacy Act of 2012 (DPA), those found guilty of unauthorized processing of personal information will face penalties that include imprisonment for one to three years and a fine ranging from P500,000 to P2 million.

In addition, unauthorized processing of sensitive personal information carries even more substantial penalties, particularly imprisonment for three to six years and a fine ranging from P500,000 to P4 million.

“Sharing such leaked data exposes affected individuals to a range of risks, including identity…


Not The First Rodeo: Lil Nas X And Cardi B Hit With Blurred Lines Style Copyright Complaint Over Rodeo

We’ve talked quite a bit lately about how the Blurred Lines decision, saying that having a similar “feel” in a song can be copyright infringement even if it’s not a direct copy, has truly messed up the recording industry. Artists are afraid to even mention inspirations for fear of it leading to a lawsuit. New lawsuits are freaking out musicians and even have the RIAA complaining that maybe copyright protection has gone too far.

It appears we’ve got another such lawsuit, this time against Lil Nas X, who had the undisputed “song of the summer” with “Old Town Road.” Lil Nas X released his 7 EP earlier this summer, which included a couple versions of “Old Town Road,” but also a collaboration with Cardi B called “Rodeo.”

And now they (and everyone else) have been sued over the song claiming that it infringes on a beat called “gwenXdonelee4-142” (catchy name that) that was incorporated into a song you probably haven’t heard of: “Broad Day” by PuretoReefa and Sakrite Duexe.

Now, what’s important here is that the complaint does not claim that Rodeo sampled Broad Day or even that it directly copied the original beat. It literally notes that they just have a “substantially similar” sound.

The similarities between the works at issue include but are not limited to the following: the two works at issue employ a number of substantially similar elements and material which constitute a constellation of elements creating a substantially similar overall sound and feel, as set forth in the below, non-inclusive musical analysis…

It then notes a variety of similarities, including that the chord progression is the same (which, uh, so what?) and that they’re both at 142 beats per minute. And then there are things like:

Plaintiffs’ Work utilizes guitar and wind instruments to evoke a certain aesthetic that is set against hip-hop elements derived from digital drum and bass elements….

Rodeo also utilizes guitar and wind instruments to evoke a certain aesthetic that is set against hip-hop elements derived from digital drum and bass elements.

And:

At regular intervals in Plaintiffs’ Work, the rhythmic guitar part outlining chords is replaced with a single note line playing an ascending then descending scale moving with the chord changes….

At regular intervals, Rodeo’s rhythmic guitar part is replaced with a single note line playing ascending and descending scales following the chord progression.

Yes, the songs sound similar. Lots of songs sound similar. That doesn’t mean it’s infringement, nor should it. But, in a post Blurred Lines reality, that’s what we have. Two songs having some similarities are suddenly deemed infringing and the lawsuits start flying. It wouldn’t surprise me to find that this case is just settled with the beat creators getting a song-writing credit, because that’s often cheaper and faster than going through a whole court case, but the whole thing is pretty messed up and has nothing to do with the true purpose of copyright law.

Again, though, the recording industry only has itself to blame for this situation. It spent decades pushing a maximalist view of copyright, that everything must be owned and that everything must be licensed. Now it’s discovering what that means in the real world.


Techdirt.