This alert may not be shared outside your organization, Do Not Repost or send, place on other websites, List servers, or send to others via email, including other associations or parties.  Members and Law enforcement use only. Contact us for any permissions.  To do otherwise will result in the loss of membership.

Complete Story


Cyber Criminals Weaponize SEC’s Future Cyber Disclosure Rules

JD Supra

In a first for both cybersecurity and securities law, a ransomware company filed a complaint with the U.S. Securities and Exchange Commission (“SEC”) against its own hacking victim for failure to disclose the hack itself. The move is akin to a car thief suing their victim for failing to report the stolen car to their insurer.

The ransomware company, known as AlphV/Black Cat (“AlphV”), a Russian-based group, confirmed to that they made the report to the SEC, alleging MeridianLink failed to comply with the SEC’s upcoming cyberattack disclosures rules. AlphV is a well-known cyberattacker, having previously gained notoriety for attacks against major casinos and hotels.

As we have covered previously on Aug. 2, 2023, and Aug. 21, 2023, the SEC’s forthcoming cybersecurity rules do not actually take effect until December, but the incident sheds light on an emerging concern for the cybersecurity industry: cyber criminals are sophisticated, well-resourced, and will be closely following companies’ disclosures around cyberattacks to help them target future victims and assert maximum leverage, especially where ransomware is concerned.


Printer-Friendly Version



The FRPA alert system distinguishes us from other groups by gathering and providing information to law enforcement, retailers AND financial institutions.

more information


Your electronic library to help in fighting financial fraud for all of our partners.

more information