$2.4 trillion securities platform owner hacked. EquiLend admits "unauthorised access"

"We are working methodically to restore the involved services as quickly as possible"

$2.4 trillion securities platform owner hacked. EquiLend admits "unauthorised access"

Financial technology company EquiLend - the owner of a NGT, a platform that executes $2.4 trillion of securities transactions each month – has confirmed “unauthorized access to our systems” on January 22.

The incident has disrupted some of its services, it confirmed, adding in a January 25 update that the incident was the result of ransomware and has affected a sweeping range of critical services, which "continue to be temporarily unavailable" and include its mission-critical services like: 

  • NGT 
  • Post-Trade Solutions 
  • Data & Analytics Solutions 
  • RegTech Solutions 

“We took immediate steps to secure our systems and are working methodically to restore the involved services as quickly as possible,” an EquiLend spokesperson told reporters on January 24.

“We are working with external cybersecurity firms and other professional advisers to assist with our investigation and restoration of service. Clients have been advised that this may take several days" it added.

In a January 25 update, it added that "while the investigation will take time, it has so far determined this incident was the result of ransomware... All EquiLend Spire components and the ECS Loan Market were not impacted by the ransomware incident and remain fully operational. 

"Ensuring our customers regain full functionality to any impacted services as quickly and safely as possible remains a top priority, and while the restoration process and our investigation will take time, we are committed to sharing pertinent updates as they become available. "

"We continue rigorously responding to this incident, and cybersecurity will remain an ongoing commitment. We will continue working closely with third-party experts to build upon our robust security protocols and emerge as an even more secure organization. We regret the inconvenience this incident has caused you and remain committed to servicing our customers. 

(Affected? Get in touch by email, Signal, or Telegram.) 

NGT workflow. Credit: EquiLend.

Join peers following The Stack on LinkedIn

EquiLend is owned by 10 of the biggest Wall Street firms, including Goldman Sachs Group Inc and BlackRock Inc. It provides a central platform and services for securities trading – spanning electronic trading, order management, post-trade automation, data and analytics and regulatory technology solutions. It serves over 200 asset owners, agency lending banks, broker-dealers and hedge funds, according to its site. Approximately $113.5 billion is transacted on NGT daily. It includes a web-based interface that lets traders transact over the platform, or a set of messaging protocols to connect straight into the NGT engine.

The EquiLend cyber incident comes days after it confirmed that private equity firm Welsh, Carson, Anderson & Stowe (WCAS) has agreed to acquire a majority stake in the firm in an acquisition to close in Q2 2024. 

Cybersecurity breaches commonly take place around the time of major acquisitions for a number of reasons, including that staff are often distracted and/or if attackers have had sustained system access, they tend to detonate payloads before new owners embark on fresh systems audits and spot them on corporate infrastructure. It was not immediately clear if a ransomware payload had been detonated, as The Stack published. 

EquiLend cybersecurity incident latest to hit markets

The EquiLend cybersecurity incident is the latest to hit financial markets – as attackers inch closer to causing serious financial market disruption. 

In January 2023 the LockBit ransomware group hit software firm ION Trading UK in a breach that forced numerous European and US banks and brokers to process derivatives trades manually, whilst a November 8 ransomware attack on the US arm of the world’s largest bank, China’s Industrial & Commercial Bank of China impacted the trade of Treasuries.

(That incident is believed to have occurred after it failed to patch a critical Citrix vulnerability, CVE-2023-4966 that was widely exploited globally.)

Goldman Sachs, JPMorgan, Morgan Stanley and UBS meanwhile agreed to pay $499 million in 2023 to settle a lawsuit that had accused them of conspiring to stifle competition in the stock lending market using EquiLend. 

EquiLend “agreed to specific reforms to prevent the sort of collusion and market abuse that occurred in this case, lawyers for the plaintiffs said, as reported by the FT on August 2023. EquiLend “vigorously denied” any wrongdoing at the time but said it was pleased to settle the case. 

See also: 1 Citrix bug alone triggered 13 “nationally significant” UK cybersecurity incidents