The
The company, partly owned by some of the world's biggest financial services companies, identified a "technical issue" on Jan. 22 that caused portions of its systems to go offline, a spokesperson for New York-based EquiLend said in an emailed statement Wednesday. The incident involved "unauthorized access to our systems," the spokesperson said.
LockBit was responsible for the attack, a spokesperson for the group said in an interview, adding that it will next try to negotiate with the company for a payment in exchange for unlocking the affected systems. LockBit is one of the world's most prolific ransomware groups. Since 2020, the gang has carried out more than 1,700 hacks and extorted $91 million from its victims, according to the U.S. Cybersecurity and Infrastructure Security Agency.
EquiLend's NGT platform is at the heart of one of the finance industry's biggest businesses, processing more than $2.4 trillion of transactions each month. Securities lending is a significant business for Wall Street banks' trading units, as hedge funds often borrow shares in short sales in order to bet they will fall in value. Goldman Sachs Group, for example, had loaned about $55 billion of securities at the end of September.
Owned by financial firms including Goldman Sachs and JPMorgan Chase, EquiLend announced plans to sell a majority stake to Welsh, Carson, Anderson & Stowe last week. The New York-based private equity firm, which has raised $31 billion since its founding in 1979, didn't immediately respond to requests for comment. Its purchase of EquiLend hasn't yet been completed.
"We took immediate steps to secure our systems and are working methodically to restore the involved services as quickly as possible," the EquiLend spokesperson said. "We are working with external cybersecurity firms and other professional advisers to assist with our investigation and restoration of service. Clients have been advised that this may take several days."
Cyberattacks have repeatedly disrupted financial markets over the past year. In January 2023, LockBit targeted software firm ION Trading UK in a breach that disrupted trading globally. ION later paid an unspecified ransom amount to the gang, according to a spokesperson for the hackers. ION was able to restore its systems about a week after the attack.
In November, LockBit attacked the U.S. unit of Industrial & Commercial Bank of China Ltd., the world's largest lender by assets, rendering it unable to clear trades in U.S. Treasuries. LockBit later said that the bank paid a ransom. The same month, LockBit also targeted U.S. financial firms the Chicago Trading Company and Alphadyne Asset Management.
LockBit's attacks can be highly disruptive because the group breaks into computers and encrypts data held on them, rendering them inoperable. The gang then demands payment in exchange for a "key" that can be used to unlock the infected machines. Leaders of the group are Russian-speaking and work with a network of hackers, or "affiliates," who carry out attacks with the group's malicious software and then split any money generated through extortion, according to cybersecurity experts.
The EquiLend spokesperson didn't immediately respond to requests for specifics on how the hack occurred.
Led by Chief Executive Officer Brian Lamb, EquiLend was established in 2001 when a group of the world's biggest banks came together to provide a standardized and central global platform for trading and post-trade services, according to the company's website. Its technology platform went live the following year.
A 2017 lawsuit accused major banks of using EquiLend as a forum for collusion to hinder the development of all-electronic trading systems that match lenders and borrowers of stock. In August, Goldman Sachs, Morgan Stanley, JPMorgan and UBS Group AG agreed to pay nearly $500 million to settle the antitrust class action brought by U.S. pension funds.