Tag: SEC | Page 2

In What Could Be a Trend, Ransomware Operation Files SEC Complaint Against Victim for Failing to Timely Disclose Cyberattack

November 27, 2023/in Internet Security

Ransomware operation AlphV/BlackCat has filed a U.S. Securities and Exchange complaint against one of its alleged victims, MeridianLink, for allegedly failing to comply with the four-day rule to disclose a cyberattack.

AlphV/BlackCat listed the software company on its data leak with a threat that it would leak allegedly stolen data unless a ransom is paid within 24 hours. MeridianLink provides digital solutions for financial organizations such as banks, credit unions and mortgage lenders.

Source…

Binance’s Busy Day, Kraken’s Second SEC Fight

November 22, 2023/in Internet Security

Binance is paying one of the largest fines in corporate history to the U.S. Department of Justice, while its founder and CEO, Changpeng “CZ” Zhao, stepped down from his role running the platform as part of a settlement with multiple federal agencies. Meanwhile, Kraken is facing a lawsuit from the U.S. Securities and Exchange Commission that echoes the SEC’s previous wave of suits.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Binance settled charges with multiple U.S. agencies (with one major exception), ending one of the most highly anticipated regulatory actions in crypto.

Binance is the world’s largest crypto exchange by volume, and just agreed to pay what federal officials are describing as some of the nation’s largest fines.

Binance and Changpeng “CZ” Zhao settled with multiple federal agencies on Tuesday, agreeing to pay billions of dollars in a deal that will also see Zhao face potential prison time, Binance make a “complete exit” from the U.S. and agree to strict oversight from monitors over the next several years.

If you missed Tuesday’s regulatory extravaganza:

If you noticed the numbers don’t add up, you’re right. It’s a confusing mess, largely because the amounts overlap with each other and involve some financial punishments that are put off unless the company strays again. An actual total of $4.3 billion will move from Binance to U.S. government coffers, officials said. FinCEN is collecting $780 million. Another $150 million is a suspended penalty, while $2.47 billion will be credited to the DOJ and CFTC. OFAC will collect another $70 million and credit another $898 million to the DOJ. CoinDesk’s Jesse Hamilton checked and the CFTC is for sure getting the $1.35 million fine.

“One of the things that Treasury works hard in collaboration with the Justice Department on is that a substantial amount of this penalty will go to the victims of state-sponsored terrorism in a fund that supports payments to those families and individuals,” a senior Treasury official said.

Binance’s role as a major crypto exchange that operated secretively within the U.S. is maybe the…

Source…

Hacker chutzpah: Ransomware group says it reported victim to SEC

November 19, 2023/in Internet Security

Cybercriminal group Alphv said it reported a victim of one of its ransomware attacks to the Securities and Exchange Commission for supposedly violating the regulator’s new rule mandating publicly traded companies report substantial cybersecurity incidents.

The company, financial software firm MeridianLink, confirmed it suffered an attack but had not yet determined the extent of personal information compromised.

“MeridianLink recently identified a cybersecurity incident,” a spokeswoman for the company said Friday. “Safeguarding our customers’ and partners’ information is something we take seriously. Upon discovery, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident.”

The spokeswoman added that the company had identified “no evidence of unauthorized access to our production platforms” and that the incident caused minimal business interruption.

“If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law,” the spokeswoman said. “We have no further details to offer currently, as our investigation is ongoing.”

MeridianLink counts many credit unions and some community banks as customers. The company reported $288 million in revenue last year.

MeridianLink did not have to report the incident in an 8-K filing, as Alphv claimed, because the SEC’s new rule regarding material data breaches does not take effect until next month. Rather, cybersecurity experts said the report was merely a means of putting additional pressure on MeridianLink, which Alphv is extorting via the threat of releasing the data it stole.

The SEC’s rule gives publicly traded companies four days to report a security incident from the time that the company determines it to be “material.” Alphv said it compromised MeridianLink on Nov. 7. Alphv posted on Wednesday on its victim-shaming website about the SEC complaint it said it filed.

The SEC did not immediately respond to a request for comment. Other reports indicated the commission was not commenting on the matter.

The “misuse” of the SEC’s form for flagging unreported data breaches was entirely foreseeable, according to Ilia Kolochenko, CEO of…

Source…

A Ransomware Gang Wanted Its Victim to Pay Up. So It Went to the SEC.

November 18, 2023/in Internet Security

Nov. 18, 2023 10:00 am ET

The call is coming from inside the hack.

A ransomware gang claimed this past week that it broke into the systems of the fintech platform MeridianLink. The breach has been reported to regulators.

The company didn’t report it, as new rules will require them to do. The hackers did.

Source…

Tag Archive for: SEC