Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Breaches

EquiLend Ransomware Attack Leads to Data Breach 

EquiLend is informing its employees that their personal information was compromised in a January ransomware attack.

Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack.

On January 24, the company announced that some of its systems were taken offline due to “a technical issue” and that services would be disrupted for several days.

EquiLend, which confirmed the next day that the disruption was caused by a ransomware attack, was able to restore its client-facing services by February 5, but shared no details on the scope of the attack until now.

Last week, the company informed the Massachusetts Office of Consumer Affairs and Business Regulation (OCABR) of a data breach resulting from the ransomware attack and started notifying the impacted individuals.

In the notification letter, a copy of which was submitted to the OCABR, EquiLend revealed that personal information such as names, dates of birth, and Social Security numbers, along with EquiLend payroll information, was compromised in the attack.

“At this time, we have no evidence from the investigation that any personal information has been used to commit identity theft or fraud,” the notification letter reads.

However, the company is providing the impacted individuals with complimentary identity theft protection services at no cost.

The fintech firm has not shared information on the number of impacted individuals. SecurityWeek has emailed EquiLend for clarification on the matter and will update this article as soon as a reply arrives.

Advertisement. Scroll to continue reading.

“We have not identified evidence that client transaction data was accessed or exfiltrated in the cybersecurity incident,” the company said in an incident FAQ last updated on February 25.

A financial technology and analytics firm created in 2001 by a consortium of banks and broker-dealers, EquiLend provides a centralized platform for the securities-lending industry.

The LockBit ransomware group, which was disrupted last month in an international law enforcement operation, took credit for the attack on EquiLend, according to Bloomberg.

Related: Change Healthcare Restores Pharmacy Services Disrupted by Ransomware

Related: Critical Infrastructure Organizations Warned of Phobos Ransomware Attacks

Related: LockBit Ransomware Gang Resurfaces With New Leak Site

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

People on the Move

Former DoD CISO Jack Wilmer has been named CEO of defensive and offensive cyber solutions provider SIXGEN.

Certificate lifecycle management firm Sectigo has hired Jason Scott as its CISO.

The State of Vermont has appointed John Toney as the state’s new CISO.

More People On The Move

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Cybercrime

Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.

Ransomware

A SaaS ransomware attack against a company’s Sharepoint Online was done without using a compromised endpoint.

Cybercrime

Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Data Breaches

Delta Dental of California says over 6.9 million individuals were impacted by a data breach caused by the MOVEit hack.