CME Group Inc., operator of the world’s largest futures market, said its computer systems were hacked in July and “certain customer information” for its ClearPort platform was compromised.
The owner of the Chicago Mercantile Exchange said there’s no evidence that transactions on its electronic-trading system or its clearing services were affected. The incident is the subject of a U.S. government investigation, according to CME Group and the Federal Bureau of Investigation.
Cyber security has been flagged as one of the biggest threats to markets and governments by industry groups and international regulators. A study in July found that computers at about 53% of exchanges around the world were attacked during the previous year. Nasdaq OMX Group Inc. discovered suspicious files on its website in 2011, prompting a federal investigation.
“Assuming no customer assets were affected, this is useful as an eye-opener,” said Pete Lindstrom, an analyst at Spire Security in Philadelphia. “We continue to see various types of folks who are hacked,” he said. “It starts to generate concern over our financial infrastructure.”
CME ClearPort provides clearing services for over-the- counter products including energy and metals trades. “To protect participants, CME Group forced a change to customer credentials impacted by the incident, and is corresponding directly with the impacted customers,” the company said in today’s statement.
Michael Shore, a CME Group spokesman, declined to elaborate on the statement.
“We did receive the referral” from CME Group, said Joan Hyde, a spokeswoman for the Chicago office of the FBI. “We are looking into the matter.”
While cyber attacks are global, American exchanges have reported the most instances of attempted sabotage via the Internet, according to a July study co-authored by the World Federation of Exchanges and the International Organization of Securities Commissions. About 67% of U.S.-based trading venues said they had to fight them off, the study showed. About 89% said it represents a systemic risk.
That’s in line with the conclusion of the Depository Trust & Clearing Corp., which processes U.S. stock trades. It said in August that hacking is the gravest threat to government and financial markets.
“Cyber-security is a large and growing problem for all financial service providers,” Howard Ward, the chief investment officer for growth equity at Rye, New York-based Gamco Investors Inc., which oversees about $40 billion, wrote in an e-mail. “We must accelerate our investments in protecting our financial system and power grid from intruders before they score a big one.”
On July 25, U.S. prosecutors said they indicted four Russians and a Ukrainian in what was called the largest hacking and data breach scheme in U.S. history. Nasdaq OMX was among their targets.
Nasdaq OMX in 2011 disclosed an intrusion involving “suspicious” files on its Directors Desk system, which lets corporate board members communicate and share information. The National Security Agency, the top U.S. electronic intelligence service, joined a probe of the 2010 attack, people familiar with the investigation said in March 2011.