NYSE parent gets $10M wrist tap for failing to report 2021 systems break-in

The New York Stock Exchange’s parent company has just been hit with a $10 million fine for failing to properly inform the Securities and Exchange Commission (SEC) of a 2021 cyber intrusion.  In an order published today, the SEC said that Intercontinental Exchange (ICE) will pay the penalty to settle charges it caused nine subsidiaries – the NYSE among them – to violate its Regulation Systems Compliance and Integrity (Regulation SCI) reporting rules. These rules require covered companies to immediately notify the SEC of any SCI incidents, and provide a detailed report within 24 hours.  That is the complete opposite of what the SEC alleges actually happened.  The agency claims that instead, after being notified that it may be subject to a VPN zero day and then discovering it had already been attacked using the vulnerability, ICE told no one.

Source: The Register