(Reuters) – Intercontinental Exchange Inc (ICE) will pay a $10 million penalty to settle charges its subsidiaries failed to immediately alert the Securities and Exchange Commission of a cyber intrusion incident, the SEC said on Wednesday.
In a statement, the SEC said that in April 2021, ICE discovered someone had installed a malicious code into a VPN device used to remotely access the corporate network.
But ICE personnel did not notify subsidiaries for several days. This meant the subsidiaries violated rules stating the SEC must be informed immediately about a cyber intrusion.
(Reporting by David Ljunggren, Editing by Franklin Paul)
Comments