A ransomware attack is disrupting state and local borrowers’ ability to post debt documents on the $4.3 trillion municipal-bond market’s main distribution platform.
MuniOS, a website operated by Ann Arbor, Michigan-based tech company ImageMaster LLC, has been out of service for several days due to the cyber attack, according to people familiar with the matter who asked not to be named discussing the private matter.
Borrowers use the website to showcase their bond offering documents, and it’s a popular service used by investors and analysts for information about transactions before they are sold. While market participants said they hadn’t seen or experienced any delays in deals, some issuers are shifting long-held practices by turning to alternative platforms such as BondLink due to the disruption.
Representatives for ImageMaster did not respond to requests for comment.
The municipal bond market is where US states, cities, transportation systems, airports, colleges and other borrowers raise debt to finance infrastructure projects. Local governments often post their offering documents publicly on websites like MuniOS to accessibly market the deals to both institutional and retail buyers.
Inconvenient Outage
The MuniOS outage is causing issuers, investors, bankers and lawyers headaches and inconvenience, but so far transactions have proceeded normally, according to multiple market participants who spoke on the condition of anonymity. The disruption has prompted some to directly send large-file PDFs between parties the old-fashioned way, while others have seen their days fill up with long phone calls from investors unable to access documents, they say.
The documents for a $1.8 billion sale by the Texas Transportation Commission were posted to a different platform called McElwee & Quinn LLC, a financial printing services company, according to a spokesperson for the Texas Department of Transportation. Additionally, the agency provided physical copies of the document to address investor inquiries. The sale is proceeding as planned, the spokesperson said.
In ransomware attacks, hackers will lock up computer systems — sometimes stealing sensitive data — and hold them hostage in return for payment. Cybercriminals have pulled off several high-profile attacks in recent months, with corporations from the beverage maker Asahi Group Holdings Ltd. to the carmaker Jaguar Land Rover Automotive Plc being hit.
Concerns over cyber risks have been growing in the municipal market as well, with credit rating analysts raising it as a concern. In one high-profile situation last year, a Detroit suburb’s bond sale was hacked and the proceeds were stolen.
The MuniOS website was launched in 1999 and is used by issuers to distribute and print their bond offering documents. Bloomberg reported in 2017 that the service had a market share of over 70%.
The Municipal Securities Rulemaking Board, the market’s self-regulatory organization, sent out a notice on Tuesday that issuers can use its EMMA website to post preliminary official statements and other market information.
The notice did not mention the outage at MuniOS.com.
Photo: Photographer: Thomas Samson/AFP/Getty Images
Topics Cyber Training Development
Was this article valuable?
Here are more articles you may enjoy.
Marsh McLennan and Businesses to Unify Under ‘Marsh’ Brand; New Unit Created 
Acrisure to Lay Off 400 Employees, Citing Tech Advancements and AI Integration 
Florida’s Citizens Is Deferring Flood Coverage Proof While NFIP Is Shut Down 
8 Auto Insurance Providers to Pay New York $19M Over Data Breaches 
