By Denny Jacob


The U.S. Securities and Exchange Commission disclosed that Intercontinental Exchange agreed to pay a $10 million penalty to settle charges related to a cyber breach.

The SEC said Intercontinental Exchange - known as ICE for short - settled charges that it caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the regulator of a cyber breach as required.

ICE didn't immediately respond to a request for comment.

The SEC's order states that a third party informed ICE in April 2021 that it was potentially impacted by a system intrusion involving a previously unknown vulnerability in its virtual private network. After ICE investigated and determined that a threat actor had inserted malicious code into a VPN device, it didn't notify the legal and compliance officials at its subsidiaries for several days in violation of ICE's own internal cyber incident reporting procedures, the SEC found.

ICE and its subsidiaries, consisting of Archipelago Trading Services; New York Stock Exchange; NYSE American; NYSE Arca; ICE Clear Credit; ICE Clear Europe; NYSE Chicago; NYSE National; and the Securities Industry Automation agreed to a cease-and-desist order in addition to ICE's monetary penalty without admitting or denying the SEC's findings.


Write to Denny Jacob at denny.jacob@wsj.com


(END) Dow Jones Newswires

05-22-24 0953ET