A US unit of the Industrial and Commercial Bank of China (ICBC) was recently hit by a ransomware attack that disrupted some of its systems, reportedly hitting liquidity in US Treasuries which may have contributed to a brief market sell-off on Thursday.
ICBC Financial Services, which is headquartered in New York, said in a statement that the attack, which happened on Wednesday, had been reported to law enforcement. It was in the process of investigating the incident and trying to recover from the cyberattack.
“We successfully cleared US Treasury trades executed Wednesday … and [repurchase agreements] financing trades done on Thursday,” it said in the statement.
Ransomware attacks are a form of cyber extortion. The perpetrator locks the victim’s data or networks and demands payment to unblock access.
The systems of ICBC’s head office in Beijing and other domestic and overseas units were not affected by this incident, nor was the ICBC New York Branch, the unit said.
State-owned ICBC is the biggest of China’s “Big Four” banks and the world’s largest lender by assets, according to S&P Global. On Friday, China’s Foreign Ministry said the bank was paying close attention to the incident.
It “has completed emergency handling and supervision in an effort to minimize risk impact and losses,” Ministry spokesperson Wang Wenbin told reporters at a regular press briefing, and global financial regulators are assessing the fallout.
“We are aware of the cybersecurity issue and are in regular contact with key financial sector participants, in addition to federal regulators. We continue to monitor the situation,” a Treasury spokesman said.
The US Securities and Exchange Commission is also aware of the incident and “continues to monitor with a focus on maintaining fair and orderly markets,” a spokesperson for the agency said.
A spokesperson for the UK Financial Conduct Authority said it was “communicating with the relevant US and UK authorities and firms to identify any impacts to UK financial services.”
The Financial Times and Reuters quoted some market participants as saying trades going through ICBC were disrupted, which affected market liquidity. It’s unclear whether the incident contributed to the weak 30-year bond auction conducted by the US Treasury Thursday.
There was a “sharp selloff” in Treasuries after the auction, Ipek Ozkardeskaya, senior analyst at Swissquote Bank, wrote in a Friday note to investors, saying yields rose for a range of different bonds.
“Of course, the sudden jump in US yields hit appetite in US stocks yesterday,” she said. “The US bond auction brought along a lot of volatility, questions, and uncertainty.”
Peter Cardillo, chief market economist at Spartan Capital Securities, says that the ransomware attack could have helped contributed to the 30-year auction’s weak showing. The attack could have impacted the bank’s ability to clear trades or led to reroutes and in turn impacted liquidity in the Treasury market or the ability to quickly trade an asset.
China is a major player in the Treasuries market. According to the most recent data from the US Treasury Department, China held $805.4 billion worth of Treasury securities as of August. It is the world’s second largest foreign holder of US Treasury bills after Japan.
Globally, ransomware attacks have disrupted company operations and key public services. The issue has become a national and economic security concern for the administration of President Joe Biden.