Ransom Attack On Fintech Company Yields Employee Information

A January ransomware attack on EquiLend Holdings forced the fintech company to take some of its systems offline for containment. A few days later it said all client-facing services were back online, and there was no evidence to suggest that “client transaction data was accessed or exfiltrated.” But on March 11, BleepingComputer reported that Equilend had sent letters to employees notifying them that their data was stolen in the attack.

Equilend, a New York-based securities lending platform, was founded in 2001 with the backing of some of the biggest names on Wall Street. The consortium of global banks and broker-dealers included Bank of America, Merrill Lynch, BlackRock, Credit Suisse, Goldman Sachs, JP Morgan, Morgan Stanley, National Bank of Canada, Northern Trust, State Street, and UBS.

Its services are used globally by agency lending banks, hedge funds, and broker-dealers. Its platform trades in multi-asset transactions to the tune of more than $2.4 trillion monthly. LockBit claimed responsibility for the attack in a statement to  Bloomberg. There has been no mention of ransom payments, but LockBit’s double-extortion method for extorting its victims has often been successful, and rumors that one was paid have appeared in other publications.

The letter to Equilend’s 300-plus employees said that the stolen data included the company’s payroll and other human resources information, which includes names, dates of birth, and Social Security numbers.