Information Security: Apache Log4j Monitoring

December 15, 2021

A vulnerability in the widely used logging library Apache “Log4j” was recently discovered. EquiLend became aware of this vulnerability through its information security surveillance process and has been actively assessing its impact, both internally and with our third-party suppliers, on an ongoing basis since then.

  • EquiLend has confirmed both internally and with our critical third-party suppliers limited exposure to the Log4j vulnerability.
  • Following thorough investigations, we have not detected any exploits of this vulnerability on our systems. EquiLend’s critical third-party suppliers also have confirmed that they have not detected any exploit attempts.
  • We are continuing our impact assessment and following guidance from Apache and CISA on our remediation plan.

Due to our robust cybersecurity protocols and defense-in-depth strategy, we are confident that the risk of this vulnerability on EquiLend’s systems is limited. We have increased the level of monitoring of our environment and will update our clients if anything should change. 

Clients may contact EquiLendITSecurityReporting@equilend.com with any additional questions.