EquiLend Drags Systems Offline After Admitting Attacker Broke In

US securities lender EquiLend has pulled a number of its systems offline after a security “incident” in which an attacker gained “unauthorized access”.

It may take “several days” to bring systems back up, the company confirmed ib a statement.

EquiLend first spotted the attack on January 22 and a statement by the Wall Street staple confirmed there was unauthorized access to part of its infrastructure.

“On January 22, 2024, EquiLend identified a technical issue that placed portions of our systems offline,” the company said. 

“We immediately launched an investigation and have identified a cybersecurity incident involving unauthorized access to our systems. We took immediate steps to secure our systems and are working methodically to restore the involved services as quickly as possible.

“We are working with external cybersecurity firms and other professional advisers to assist with our investigation and restoration of service. Clients have been advised that this may take several days.”

The statement doesn’t go into detail about whether any of its data was compromised or stolen.

Reporting from Bloomberg, which managed to get in touch with ransomware outfit LockBit, revealed the gang’s leadership claimed responsibility for the attack. The crims claim they’re currently in negotiations with EquiLend.

Staff at the EquiLend, which processes trillions of dollars in transactions every month, have reportedly resorted to manual operations while systems are being brought back online.

Experts speaking to The Register said the shift to manual operations may have a noticeable impact on orders and service quality, although in most cases the impact can be contained to a manageable degree.

“Nowadays, any technological failure has a knock-effect on operations with a visible impact on order disruption, service quality, temporarily lowering performance, and increasing costs [such as] replacing equipment, servicing, updating, etc.,” said Dr Sotiris K. Staikouras, associate professor of banking and finance at City University of London.

“In these cases, we move away from ‘natural’ failures and have to cope with man-made upheavals motivated by anything from the political or ideological to business aims. These incidents are contained by moving operations to the old-fashioned manual operations until the IT issues are resolved. Any spill-over effects [such as] losses of business revenues, reduced business pace, delays in trading/settlement, are usually largely contained without any major impact.

“Technology is now interlinked to operations and premeditated man-made disasters will increasingly be at the heart of our fintech life. Regulators, policymakers, and businesses alike are entering a ‘new era’ of a cat and mouse chase.”

Founded in 2001 by a collection of the biggest banks in the world, including JPMorgan Chase, Morgan Stanley, Bear Stearns, Goldman Sachs, and others, EquiLend’s Next Generation Trading (NGT) platform facilitates securities lending trading between market players.

Securities lending is the practice of borrowing securities from other investors or companies and is used for market activities such as short-selling, hedging, arbitrage, and fails-driven borrowing.

Every day, EquiLend’s NGT platform transacts $113.5 billion and is used by more than 120 companies across more than 40 markets, according to its website.

The cybersecurity incident comes at a far from opportune time for EquiLend, which a week ago announced it agreed to sell a majority stake of the business to private equity firm Welsh, Carson, Anderson, and Stowe.

The deal is set to close in Q4 2024 and sources speaking to Reuters in September, when the proposed sale was first reported, speculated the acquisition could be worth up to $700 million.

EquiLend’s cybersecurity issue also closely follows two other major attacks on US finance companies in recent weeks. 

Mortgage giant Fidelity National Financial disclosed a cyber snafu, which was soon claimed by the ALPHV/BlackCat crew, in November, and in the new year admitted 1.3 million customers’ data was compromised.

Another mortgage lender, Mr Cooper, also admitted crims had broken into its systems in December, saying 14.7 million people’s data was stolen in an attack that is expected to cost up to $25 million to clean up.

Earlier this month loanDepot announced an attack on its systems. It revealed in an updated regulatory filing this week that the incident, which involved the “encryption of data”, led to the compromise of 16.6 million customers’ sensitive personal data.

If LockBit is indeed behind the attack on EquiLend, it would be its second major attack on a major fintech in as many years.

In early 2023, the group claimed an attack on ION Group, which was reportedly impacted up to 42 of its customers, including ABN Amro Clearing and Italy’s largest bank, Intesa Sanpaolo. ®

READ MORE HERE