Cyber Incident Victim: EquiLend

On January 22, 2024, EquiLend identified a technical issue that forced portions of its systems offline, prompting an immediate internal investigation. This investigation confirmed a cybersecurity incident involving unauthorized access to company systems, leading EquiLend to take swift containment measures to secure affected infrastructure. The company engaged external cybersecurity firms and professional advisers to assist with forensic analysis and service restoration, notifying clients that recovery efforts might require several days. Specific services impacted included NGT, Post-Trade Solutions, Data & Analytics Solutions, and RegTech Solutions, all rendered temporarily unavailable. EquiLend Spire components and the ECS Loan Market remained fully operational throughout the incident. By January 24, EquiLend established a public communication channel via its website to provide periodic updates, emphasizing its focus on restoring services methodically while maintaining client transparency.

By January 25, EquiLend’s investigation with third-party experts determined the incident was a ransomware attack, though the specific threat actor remained unidentified. Law enforcement agencies were notified as part of the response protocol. Restoration work continued on the disrupted services, with no definitive timeline provided for full recovery. The company maintained its temporary service suspension for NGT, Post-Trade Solutions, Data & Analytics Solutions, and RegTech Solutions to ensure system integrity during remediation. EquiLend reiterated its commitment to rebuilding affected systems with enhanced security measures, leveraging external expertise to strengthen existing protocols. Clients were directed to an updated FAQ resource for operational guidance, with unresolved queries routed to relationship managers. The incident caused measurable operational disruption to core securities lending platforms but did not compromise EquiLend’s entire service portfolio.