The Intercontinental Exchange will pay a penalty for failing to timely inform a cyber intrusion. The enforcement action affected several ICE subsidiaries, including the New York Stock Exchange.
The Intercontinental Exchange (ICE) will pay a penalty of $10 million for failing to inform authorities about a cyber intrusion, according to an announcement from the United States Securities and Exchange Commission (SEC).
The breach, discovered in April 2021, involved malicious code inserted into a VPN device to access ICE’s corporate network. The SEC claims that ICE quickly identified the threat but failed to notify legal and compliance officials at their subsidiaries, including the New York Stock Exchange, for several days.
The agency’s Regulation Systems Compliance and Integrity (Regulation SCI) requires companies to inform the SEC immediately of any significant cybersecurity incident. SEC director of enforcement Gurbir S. Grewal said:
