Malware
Equilend Confirms Devastating Ransomware Attack: Employee Data Stolen & Exposed
Securities lending platform EquiLend has confirmed employee data was stolen during a ransomware attack last month. The firm has since bolstered its cybersecurity measures and is working with law enforcement to investigate the incident.
EquiLend Holdings Hit by Ransomware Attack
New York-based securities lending platform EquiLend Holdings confirmed that their data was stolen in a January ransomware attack. In a data breach notification letter sent to employees, the financial technology company revealed the extent of the damage.
We first learned about the breach on January 24, when EquiLend Holdings had to take some of its systems offline on January 22 to contain it. At the time, the company did not disclose the nature of the incident. However, LockBit ransomware later claimed responsibility for the attack in a statement to Bloomberg.
Confirming the Ransomware Attack
Although EquiLend did not confirm LockBit’s claims, it eventually revealed that the January breach resulted from a ransomware attack. The company shared more information about the incident on a dedicated page on February 2.
A few days later, EquiLend announced that all client-facing services were back online. They had not found any evidence that “client transaction data was accessed or exfiltrated” during the cyberattack.
Employee Data Stolen
Despite the company’s efforts to minimize the damage, they confirmed in breach notification letters that the attackers did steal employees’ personally identifiable information (PII). The stolen data included payroll and human resources information, names, dates of birth, and Social Security numbers. The company said, “At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud.”
Protecting Affected Employees
Although no signs of fraudulent activity using the stolen info have been detected yet, EquiLend is providing affected employees with two years of free identity theft protection services through Identity Theft Guard Solutions (IDX).
About EquiLend Holdings
EquiLend was founded in 2001 by a group of ten global banks and broker-dealers, including Bank of America Merrill Lynch, BlackRock, Credit Suisse, Goldman Sachs, JP Morgan, Morgan Stanley, National Bank of Canada, Northern Trust, State Street, and UBS. The company now has over 330 employees and offices in North America, EMEA, and Asia-Pacific. Its services are used by more than 190 firms worldwide, including agency lending banks, hedge funds, and broker-dealers.
Participants in the securities finance marketplace also use EquiLend’s Next Generation Trading (NGT) multi-asset securities trading platform for transactions worth more than $2.4 trillion monthly.
Don’t Let This Happen to You
Ransomware attacks like the one that hit EquiLend Holdings are becoming more frequent and sophisticated. It’s crucial to stay informed and proactive in the fight against cyber threats. We encourage you to keep coming back to our IT Services for the latest news, tips, and advice. And if you ever have any concerns about your own cybersecurity, don’t hesitate to contact us.