Malware
EquiLend Alert: Employee Data Hijacked by Ruthless Ransomware Gang
Financial services firm EquiLend has alerted employees that their data was stolen in a ransomware attack by the BlackMatter gang. The breach included names, addresses, and Social Security numbers, putting employees at risk of identity theft. EquiLend is working with law enforcement and cybersecurity experts to mitigate the impact and safeguard against future attacks.
Imagine this: You’re an employee at a leading financial technology company, and one day you receive a letter informing you that your personal information has been stolen in a ransomware attack. That’s precisely what happened to employees at New York-based securities lending platform EquiLend Holdings, which recently confirmed a data breach resulting from a ransomware attack in January.
What happened?
On January 22, EquiLend Holdings had to take some of its systems offline to contain a breach. Two days later, the company informed us that a ransomware attack had occurred. Although the identity of the attacker remains unconfirmed, LockBit ransomware claimed responsibility for the breach in a statement to Bloomberg.
By February 2, EquiLend revealed on a dedicated page that the breach was indeed a ransomware attack. Although the company said that all client-facing services were back online and they had no evidence of client transaction data being accessed or exfiltrated, they had to deliver some bad news to their employees.
Bad news for employees
In breach notification letters sent to EquiLend employees, the company confirmed that the attackers had stolen their personally identifiable information (PII), including names, dates of birth, and Social Security numbers. The company said, “At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud.”
While it’s a relief that no signs of fraudulent activity using the stolen information have been detected yet, the situation is still concerning for those affected. To help mitigate the risk, EquiLend is providing affected employees with two years of free identity theft protection services through Identity Theft Guard Solutions (IDX).
Why should you care?
EquiLend was founded in 2001 by a group of ten global banks and broker-dealers, including Bank of America Merrill Lynch, BlackRock, Credit Suisse, Goldman Sachs, JP Morgan, Morgan Stanley, National Bank of Canada, Northern Trust, State Street, and UBS. Today, the company has over 330 employees and offices in North America, EMEA, and Asia-Pacific. Their services are used by more than 190 firms worldwide, including agency lending banks, hedge funds, and broker-dealers. Participants in the securities finance marketplace also use EquiLend’s Next Generation Trading (NGT) multi-asset securities trading platform for transactions worth more than $2.4 trillion monthly.
The bottom line is this: Cybersecurity threats are everywhere, and even well-established companies like EquiLend are not immune. It’s crucial for businesses to invest in robust cybersecurity measures to protect both their clients and employees from the ever-evolving landscape of cyber threats.
Take action and stay informed
Don’t let your company be the next victim of a ransomware attack. Contact our IT Services team to learn more about how you can protect your organization from cyber threats. And remember, knowledge is power – so keep coming back to learn more about the latest in cybersecurity news and best practices.