Fintech firm EquiLend has started sending notification letters to its employees to inform them of a data breach resulting from a January 2024 ransomware attack.
EquiLend, which confirmed the next day that the disruption was caused by a ransomware attack, was able to restore its client-facing services by February 5, but shared no details on the scope of the attack until now.
Last week, the company informed the Massachusetts Office of Consumer Affairs and Business Regulation of a data breach resulting from the ransomware attack and started notifying the impacted individuals.
In the notification letter, a copy of which was submitted to the OCABR, EquiLend revealed that personal information such as names, dates of birth, and Social Security numbers, along with EquiLend payroll information, was compromised in the attack.
The company is providing the impacted individuals with complimentary identity theft protection services at no cost.
The fintech firm has not shared information on the number of impacted individuals.
SecurityWeek has emailed EquiLend for clarification on the matter and will update this article as soon as a reply arrives.
A financial technology and analytics firm created in 2001 by a consortium of banks and broker-dealers, EquiLend provides a centralized platform for the securities-lending industry.
The LockBit ransomware group, which was disrupted last month in an international law enforcement operation, took credit for the attack on EquiLend, according to Bloomberg.
This Cyber News was published on www.securityweek.com. Publication date: Tue, 12 Mar 2024 14:13:06 +0000