Tim Berghof, security evangelist at G DATA, confirmed to CSO that while this approach is technically just an extension of the “industry-standard” double extortion, it can have massive consequences. “Even if a complaint turns out to be unfounded, official investigations generate attention, tie up resources, and potentially become public,” he said.
AI amplifies attacks
Hild points to another problem: “AI-powered tools dramatically accelerate these attacks. Criminals can now screen stolen documents for ‘material’ compliance violations within hours of a data breach — faster and more accurately than many companies can audit their own systems.”
The SailPoint specialist explains: “They create detailed, legally sound complaints for authorities and set tight deadlines. With new regulations like DORA in the EU and stricter SEC reporting requirements, the arsenal of these extortionists is constantly growing.”
