Overview
- ICE's subsidiaries did not report the cyber intrusion to the SEC immediately, breaching Regulation SCI rules.
- The intrusion involved sophisticated threat actors installing malicious code on a VPN device.
- The delay in reporting was a violation of both SEC regulations and ICE's internal procedures.
- The SEC emphasized the importance of timely notifications to protect markets and investors.
- ICE agreed to the settlement without admitting or denying the SEC's findings.