Financial software company MeridianLink confirmed that it is dealing with a cyberattack after the hackers behind the incident took extraordinary measures to pressure the company into paying a ransom.
MeridianLink, which reported more than $76 million in revenue last quarter, provides tools to banks, credit unions, mortgage lenders and consumer reporting agencies in the United States.
This week, the company was added to the leak site of AlphV/Black Cat, a ransomware gang believed to be based in Russia that has been involved in several brazen attacks, including the takedown of MGM Resorts.
“Upon discovery, we acted immediately to contain the threat and engaged a team of third-party experts to investigate the incident,” the spokesperson said.
“Based on our investigation to date, we have identified no evidence of unauthorized access to our production platforms, and the incident has caused minimal business interruption. If we determine that any consumer personal information was involved in this incident, we will provide notifications, as required by law.”
The attack drew the interest of security researchers because AlphV claimed on its leak site that it reported MeridianLink to the Securities and Exchange Commission (SEC) for not informing the regulator of the incident, which they claim took place a week ago. AlphV confirmed to DataBreaches.net that it sent the SEC a notice about the attack.