EquiLend, a US securities lending company, has been forced to take several of its systems offline after experiencing a security breach in which an unauthorized individual gained access to their infrastructure. The incident, which was first detected on January 22, 2024, has caused significant disruptions to EquiLend’s operations, with the company warning that it may take several days to fully restore their systems.
In a statement released on their website, EquiLend acknowledged the cyber security incident and reassured clients that they are working diligently to address the issue. The company has enlisted the help of external cyber security firms and other professional advisers to assist with their investigation and the restoration of services.
Despite their efforts to contain the breach, EquiLend has not disclosed whether any data was compromised or stolen during the attack. However, according to a report from Bloomberg, a ransomware group known as LockBit has claimed responsibility for the breach and is currently engaged in negotiations with EquiLend.
As a result of the security incident, EquiLend’s staff have been forced to revert to manual operations while their systems are being brought back online. Although this shift may lead to disruptions in order processing and service quality, experts believe that the impact can be managed to a certain degree.
Dr. Sotiris K. Staikouras, an associate professor of banking and finance at the City University of London, emphasized the interconnected nature of technology and operations, stating that man-made disruptions can be contained through manual operations until IT issues are resolved.
Founded in 2001 by major banks such as JPMorgan Chase and Goldman Sachs, EquiLend’s Next Generation Trading (NGT) platform plays a critical role in facilitating securities lending transactions between market players. However, the recent cyber security incident has raised concerns about the company’s ability to maintain its services and reputation.
The attack on EquiLend comes at a time when other financial institutions in the US have also fallen victim to cyber breaches. Fidelity National Financial, Mr. Cooper, and loanDepot have all reported significant security incidents in recent months, raising questions about the resilience of the financial industry against cyber threats.
The timing of the security incident is particularly significant for EquiLend, as the company recently announced plans to sell a majority stake to a private equity firm. The proposed acquisition, which is valued at up to $700 million, has generated speculation about the potential impact of the breach on the deal.
If LockBit is indeed responsible for the attack on EquiLend, it would mark the group’s second major breach involving a significant financial institution. In 2023, LockBit claimed responsibility for an attack on ION Group, impacting numerous customers including ABN Amro Clearing and Intesa Sanpaolo.
In light of these developments, experts are urging regulators, policymakers, and businesses to adopt a proactive approach to cyber security, recognizing the growing threat posed by man-made disruptions in the financial sector. As EquiLend works to restore its systems and investigate the breach, the broader implications of the security incident on the company’s operations and the financial industry as a whole remain to be seen.