SEC and ICBC unit reach settlement after ransomware attack
The SEC criticised the firm for its lack of preparation for the incident but did not impose a civil fine, acknowledging the company’s cooperation and remedial actions.
The SEC has settled allegations against ICBC Financial Services, a US-based unit of the Industrial and Commercial Bank of China, following a ransomware attack in November 2023.
The attack disrupted the company’s operations, including its ability to maintain accurate records and notify customers of securities-related transactions for nearly four months.
Regulators cited the firm’s lack of preparation for a significant cybersecurity incident as a factor leading to the breach. Despite this, the SEC refrained from imposing a civil fine, crediting the company’s meaningful cooperation and extensive remedial efforts in addressing the situation.
ICBC Financial Services neither admitted nor denied any wrongdoing in the settlement. The agreement highlights the SEC’s focus on ensuring firms take proactive steps to strengthen their cybersecurity defences.
About author
DW Team
The GIP Digital Watch Observatory team, consisting of over 30 digital policy experts from around the world, excels in the fields of research and analysis on digital policy issues. The team is backed by the creative prowess of Creative Lab Diplo and the technical expertise of the Diplo tech team.