$10 Million Fine for Failing to Timely Report Breach
The Intercontinental Exchange (ICE), the parent company of the NYSE will pay a penalty of $10 million for failing to timely inform authorities about a cyber breach. The cyberattack involved malicious code inserted into a virtual private network (VPN) device to access ICE’s corporate network.
The SEC claims that ICE quickly identified the threat in 2021 but failed to notify legal and compliance officials at their subsidiaries, including the New York Stock Exchange, for several days. SEC Director of Enforcement Gurbir Grewal said, “When it comes to cybersecurity, especially events at critical market intermediaries, every second counts and four days can be an eternity.”
The SEC’s enforcement action affected several ICE subsidiaries, including Archipelago Trading Services Inc, New York Stock Exchange LLC, NYSE American LLC, NYSE Arca Inc, ICE Clear Credit LLC, ICE Clear Europe Ltd, NYSE Chicago Inc and NYSE National Inc. Read more about this story on our LinkedIn page
The SEC claims that ICE quickly identified the threat in 2021 but failed to notify legal and compliance officials at their subsidiaries, including the New York Stock Exchange, for several days. SEC Director of Enforcement Gurbir Grewal said, “When it comes to cybersecurity, especially events at critical market intermediaries, every second counts and four days can be an eternity.”
The SEC’s enforcement action affected several ICE subsidiaries, including Archipelago Trading Services Inc, New York Stock Exchange LLC, NYSE American LLC, NYSE Arca Inc, ICE Clear Credit LLC, ICE Clear Europe Ltd, NYSE Chicago Inc and NYSE National Inc. Read more about this story on our LinkedIn page