London Stock Exchange denies cyber attack as UK probes trading outage
The London Stock Exchange has denied that a cyber attack was responsible for a major trading outage in August, as UK security agencies reportedly investigate the cause of the incident.
A British intelligence agency contacted the London Stock Exchange (LSE) in the past two months to request additional information about the outage on 16 August, the Wall Street Journal reported.
Read more: London Stock Exchange launches consultation on shorter trading hours
The incident, which delayed the market opening by more than an hour and a half, was the London index’s worst outage for eight years.
A spokesperson for the London Stock Exchange Group (LSEG) denied the incident was related to cybersecurity and said it “was caused by a technical software configuration issue following an upgrade of functionality”.
The outage immediately triggered government cyber alert systems, and GCHQ is examining whether the software code could have played a role in the incident, according to the Wall Street Journal.
The paper reported that the status of the investigation and whether any action will be taken by regulators or the LSE is not clear. The Treasury is also reportedly involved in the probe.
The Treasury declined to comment on the reports.
“London Stock Exchange takes its commitment to run orderly markets for its members seriously and has thoroughly investigated the root cause of the issue to mitigate against any future incidents,” said the LSEG spokesperson.
A spokesperson for the National Cyber Security Centre said: “the NCSC has not treated the LSE outage as a cyber security related incident and has not investigated it as such.”
At the time of the outage, the LSE said it had “experienced a technical software issue” that had “affected trading in certain securities”, including stocks listed on the FTSE 100 and FTSE 250.
The exchange did not specify the cause of the issue at the time.
Read more: Which stocks are City A.M. staff backing in the new year?
When the LSE notified regulators following the incident, the correspondence did not indicate the possibility of a cyberattack, the Wall Street Journal reported.
A spokesperson for the Financial Conduct Authority, which regulates financial markets in the UK, declined to comment on the incident, but said: “all regulated firms must have appropriate systems and controls in place to manage operational and technology-related risks and we expect them to report material incidents of this nature to us”.