Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack.
On January 24, the company announced that some of its systems were taken offline due to “a technical issue” and that services would be disrupted for several days.
EquiLend, which confirmed the next day that the disruption was caused by a ransomware attack, was able to restore its client-facing services by February 5, but shared no details on the scope of the attack until now.
Last week, the company informed the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) of a data breach resulting from the ransomware attack and started notifying the impacted individuals.
In the notification letter, a copy of which was submitted to the OCABR, EquiLend revealed that personal information such as names, dates of birth, and Social Security numbers, along with EquiLend payroll information, was compromised in the attack.
“At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud,” the notification letter reads.
However, the company is providing the impacted individuals with complimentary identity theft protection services at no cost.
The fintech firm has not shared information on the number of impacted individuals. SecurityWeek has emailed EquiLend for clarification on the matter and will update this article as soon as a reply arrives.
“We have not identified evidence that client transaction data was accessed or exfiltrated in the cybersecurity incident,” the company said in an incident FAQ last updated on February 25.
A financial technology and analytics firm created in 2001 by a consortium of banks and broker-dealers, EquiLend provides a centralized platform for the securities-lending industry.
The LockBit ransomware group, which was disrupted last month in an international law enforcement operation, took credit for the attack on EquiLend, according to Bloomberg.
Related: Change Healthcare Restores Pharmacy Services Disrupted by Ransomware
Related: Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks
Related: LockBit Ransomware Gang Resurfaces With New Leak Site