Euronext delays commodities report in wake of ION cyber attack

By Harry Robertson and Gus Trompiz

© Thomson Reuters
FILE PHOTO: Logo of Euronext is seen on the headquarters at La Defense business and financial district in Courbevoie near Paris

LONDON/PARIS (Reuters) -Exchange operator Euronext has postponed until further notice a weekly report on positions held in its commodity derivatives, as disruption caused by a ransomware attack on financial data firm ION Group continued.

Euronext , whose wheat futures are a price benchmark for the European grain sector, said a problem with a third-party software provider that occurred on Jan. 31 had prevented some market participants from reporting daily positions for Feb. 3.

It did not name the provider, but Jan. 31 matches the date when ION reported a cyber attack at ION Markets UK’s cleared derivatives division.

The attack, for which hacking group Lockbit claimed responsibility, affected ION customers including brokerages, hedge funds and some of the world’s biggest banks.

The U.S. Commodity Futures Trading Commission, a regulator, last week delayed publication of its Commitments of Traders (COT) report.

Euronext, which usually issues its COT report on Wednesdays for positions held the previous week, initially announced on Wednesday that its latest publication would be delayed until Feb. 10 at the latest as a small number of participants could not submit positions.

An updated message on its website on Thursday said the report was postponed “until further notice”.

There were signs that wider disruption was easing on Thursday, as ION tried get its clients back up and running.

A separate person with knowledge of the matter at another institution said ION had told clients it had restored connectivity at its clearing system XTP, meaning ION users could start to clear internal business backlogs.

ION said on Tuesday that it had started to get some clients back online, and a spokesperson said that work was progressing on Thursday.

Among those likely to have been affected by the ION attack were Dutch bank ABN Amro’s clearing unit and Intesa Sanpaolo, Italy’s largest bank by assets, according to messages to clients seen by Reuters last week.

“With regard to the ION Group cyber incident, we promptly adopted measures to avoid fully suspending activities related to the Exchange-Traded Derivatives segment. Most operations have now been restored. We also immediately carried out security checks to protect our clients and ensure that our own systems were free of contagion,” an Intesa Sanpaolo spokesperson said.

Some base metal traders reported experiencing delays in matching deals transacted on the London Metal Exchange.

Lockbit said last week that a ransom had been paid, although it declined to say how much it was or offer evidence the money had been handed over. ION declined to comment on whether it had met the demands.

(Reporting by Harry Robertson and Gus Trompiz; additional reporting by Amanda Cooper and Sybille de La Hamaide; editing by Forrest Crellin, Barbara Lewis and Paul Simao)