Intercontinental Exchange Fined $10 Million for Delayed Cyber Intrusion Report

SEC penalizes ICE for failing to promptly disclose a 2021 VPN breach, citing violations of regulatory and internal protocols.

ICE's subsidiaries did not report the cyber intrusion to the SEC immediately, breaching Regulation SCI rules.
The intrusion involved sophisticated threat actors installing malicious code on a VPN device.
The delay in reporting was a violation of both SEC regulations and ICE's internal procedures.
The SEC emphasized the importance of timely notifications to protect markets and investors.
ICE agreed to the settlement without admitting or denying the SEC's findings.