How Wall Street fought the ICBC hack

13.11.2023

The cyber hack at the US broker-dealer unit of Industrial and Commercial Bank of China on Wednesday was so extensive that even corporate email stopped working and employees had to switch to Google mail, two people familiar with the situation said.

As a result of the outage, the broker temporarily owed BNY Mellon $9 billion, many times its net worth – a measure of the resources available to promptly meet demands.

These details and what happened next, some of which are reported here for the first time, show how the ransomware attack brought a company owned by China’s largest bank to the brink. They serve as a wake-up call for the financial sector and raise questions about the sustainability of the $26 trillion Treasury market.

ICBC’s New York unit, called ICBC Financial Services, received a cash injection from its Chinese parent company to help pay off BNY and manually processed the transactions with the custodian bank, Reuters reported on Friday.

The sources said ICBC told market participants at an industry meeting on Friday afternoon that it was working with cybersecurity firm MoxFive to develop secure systems that would allow it to resume normal operations on Wall Street. ICBC expects the process to take at least until Monday, they said.

In the meantime, the company has asked its clients to temporarily suspend operations and conduct trades elsewhere, the sources said. Other market participants are meanwhile reviewing their own books for risks and trying to redirect trades, one of the sources said.

ICBC Financial Services could not be contacted for comment. ICBC did not respond to a request for comment.

In a statement on its website, the brokerage said it was “continuing its recovery efforts with the support of a professional team of information security experts.” The brokerage said treasury bond transactions were completed on Wednesday and repo financing transactions were completed on Thursday.

The ransomware attack, for which cybercrime group Lockbit claimed responsibility, came at a time of heightened concern about the resilience of the Treasury market, which plays an important role in the functioning of global finance. After turmoil in the market, most recently in March 2020 during the pandemic, jeopardised financial stability, US authorities launched a broad review of its functioning.

While market participants and officials say that the impact of the ICBC hack on the functioning of the Treasury market was limited, its extent is not yet clear. For example, there is debate over whether the attack affected a major Treasury bond auction on Thursday.

Nevertheless, market participants say the attack is likely to add a new dimension to the regulatory review as it forces a closer look at cyber threats. The attack could also push the Securities and Exchange Commission to require more Treasury bond transactions to go through centralised clearing, where a third party acts as a seller for each buyer and a buyer for each seller.

Darrell Duffie, a Stanford finance professor who has studied the market in depth and advises regulators, believes that other companies in ICBC's situation may not have enough capital on hand to cover large deficits and defaults.