EquiLend Holdings, a securities lending platform based in New York, has confirmed in Equilend data breach notification letters that employee data was compromised in a ransomware attack that occurred in January.
The company took immediate action by shutting down certain systems on January 22 to contain the breach. Although EquiLend initially did not disclose the details of the incident, LockBit ransomware claimed responsibility for the attack, as stated in a communication to Bloomberg.
With EquiLend data stolen, the company did not explicitly confirm the claims made by LockBit, the fintech company did acknowledge on February 2, through a dedicated information-sharing page, that the breach in January was a result of a ransomware attack.
Shortly after, EquiLend announced that all client-facing services had been restored and no evidence had been found to suggest that client transaction data was compromised or accessed during the cyberattack.
However, in breach notification letters sent to EquiLend employees, the company did admit that the attackers did manage to steal personally identifiable information (PII) belonging to the employees.
“We are writing to inform you of a recent data security incident that involved your EquiLend payroll and other human resources information, including your name, date of birth and Social Security number,”
“At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud.”
The company said.
EquiLend, established in 2001, is a securities lending platform that was formed by a consortium of ten global banks and broker-dealers.
The founding members include JP Morgan, Bank of America Merrill Lynch, State Street, BlackRock, UBS, Credit Suisse, Goldman Sachs, Northern Trust, National Bank of Canada, and Morgan Stanley.
Equilend Data Stolen in a Ransomware Attack
EquiLend recently experienced a ransomware attack, resulting in the theft of employee personally identifiable information (PII).
While there have been no reports of fraudulent activity using the stolen data, EquiLend is taking proactive measures by offering affected employees two years of complimentary identity theft protection services through Identity Theft Guard Solutions (IDX).
EquiLend has experienced significant growth since its establishment, currently employing over 330 individuals and maintaining offices in North America, EMEA, and Asia-Pacific.
Its services are widely utilized by over 190 firms globally, including agency lending banks, hedge funds, and broker-dealers. In addition to its securities lending platform, EquiLend’s Next Generation Trading (NGT) multi-asset securities trading platform is leveraged by participants in the securities finance marketplace, facilitating transactions valued at more than $2.4 trillion on a monthly basis.