The US arm of China’s largest bank said Thursday that it was hit by a ransomware attack, forcing clients to reroute trades and disrupting the Treasury market. The Industrial and Commercial Bank of China Financial Services unit, which handles trades for many financial institutions, said the hack had affected some systems. Still, it disconnected parts of those systems to limit damage from the attack. The company said it successfully cleared Treasury trades executed Wednesday and repo financing trades Thursday and that the incident had been reported to law enforcement.
Ransomware attacks, in which hackers gain access to an organization’s systems and encrypt or steal data, have surged in recent years, ranging from casino companies (MGM, Caesars) to hospital systems (St. Jude). In some cases, victims can recover their data by paying a fee to the attackers. But in other cases, the repercussions can be much more severe, such as an attack on Colonial Pipeline in May 2021 that threatened gas supplies for millions of Americans in the Northeast and was only resolved after the company paid almost $5 million to the hackers.
According to a notice on ICBC’s website, the company said its impacted systems were disconnected and isolated to contain the problem. The company reported the incident to law enforcement authorities and added that the attack did not affect its head office and other domestic and overseas branches, including its New York branch.
The incident highlighted a growing vulnerability of large companies’ computer systems used to run trading, investment, and risk management functions. It also underscored the challenge of maintaining adequate cybersecurity measures to keep hackers at bay. The attack on ICBC, which may prompt questions about market participants’ systems, could lead to regulatory scrutiny of the firm and its peers.
As the COVID-19 pandemic continues, investors have sought safe and liquid securities to store their money in. Treasury debt securities markets are the world’s most highly liquid, and they serve as a benchmark against which other dollar fixed-income markets are compared. But the $18 trillion Treasury market was surprisingly dysfunctional this week, with measures of liquidity plummeting to levels not seen since the global financial crisis.
The disruption in the Treasury market was caused by a cyberattack at the New York branch of the Industrial and Commercial Bank of China Financial Services division, which handles trades for many financial institutions. The division, which has offices worldwide, is a crucial hub for trading in the global Treasury bond market. A surge in demand for Treasuries compounded the disruption as asset managers sought to raise cash, foreign central banks were selling to acquire dollars to manage capital outflows and exchange rates, and banks attempted to fund draws on their revolving corporate credit facilities. The combination of these factors significantly strains the market, creating difficulty for traders to find willing buyers at quoted prices.
