SEC settles with ICBC unit over ransomware attack – Security – Financial Services


The US Securities and Exchange Commission has settled record keeping charges against an Industrial and Commercial Bank of China unit concerning a November 2023 ransomware attack, but decided not to impose a civil fine.



The accord resolves accusations that for nearly four months after the attack, New York-based ICBC Financial Services failed to keep its books and records current or send written notifications for securities-related transactions to customers.

The SEC decided against a fine in light of the ICBC unit’s “meaningful cooperation and extensive remedial measures.”

It also said the causes of the attack included inadequate preparation for a potentially severe cyber security incident.

The ICBC unit did not admit or deny wrongdoing in agreeing to settle.



Source link