Reported 8 months ago
Intercontinental Exchange Inc (ICE) has agreed to pay a $10 million penalty to settle charges that its subsidiaries failed to promptly notify the Securities and Exchange Commission (SEC) of a cyber intrusion incident discovered in April 2021. The incident involved an unauthorized installation of code into a VPN device, but the delay in reporting the breach violated SEC rules requiring immediate disclosure. ICE, which did not admit or deny the allegations, stated that the attempted network access was unsuccessful and did not impact market operations. The SEC has been emphasizing the importance of timely cybersecurity incident disclosures amid increasing risks of cyberattacks.
Source: YAHOO