LSEG London Stock Exchange Group Plc

By Anna Isaac 

U.K. government agencies are examining whether a trading outage blamed on a software hiccup at the London Stock Exchange in August may actually have been caused by a cyberattack aimed at disrupting markets, according to people familiar with the matter.

A British intelligence agency has contacted the LSE in the past two months requesting additional information about the Aug. 16 outage, according to people familiar with the matter. The U.K.'s Treasury is also involved in the probe.

An LSE spokesperson denied that the incident was cybersecurity related, attributing it to a "technical software configuration issue following an upgrade of functionality." She added that the LSE "has thoroughly investigated the root cause of the issue to mitigate against any future incidents."

The incident, which delayed the market open by more than an hour and a half and was the worst outage in eight years, immediately triggered government cyber alert systems, according to the people familiar with the matter.

The U.K.'s Government Communications Headquarters, known as GCHQ, which monitors critical national infrastructure, including major financial trading platforms, is examining if the software code may have played a role in the outage. Officials are looking at time stamps affiliated with the code's production, which could offer clues to its origin.

The status of the examination and whether any action will be taken by regulators or the LSE is unclear.

At the time, the London Stock Exchange Group, which operates the LSE, said a technical software issue had temporarily prevented trading in a range of securities, including stocks listed on the FTSE 100 and FTSE 250. It didn't specify the cause of the issue.

If the outage was caused by an attack, the aim may have been to cause market disruption and undermine confidence in critical national infrastructure in the U.K., according to the people familiar with the government's examination.

When the LSE notified regulators shortly after the outage in August, there was no indication of a possible cyberattack from the correspondence, according to a government official and a person familiar with the LSE's operations.

The LSE is a key contributor to London's financial pre-eminence in Europe, home to blue-chip stocks like Unilever PLC and BP PLC. It is also the global leader in clearing trillions of dollars worth of derivatives contracts. It has been subject to takeover battles for years and is strengthening its ability to sell data through a $14.5 billion acquisition of financial information business Refinitiv.

A spokesman for the Financial Conduct Authority, which regulates U.K. financial markets, declined to comment on the incident, but said "all regulated firms must have appropriate systems and controls in place to manage operational and technology-related risks and we expect them to report material incidents of this nature to us."

At the time of the outage, the LSE was updating internal systems, which may have made the exchange vulnerable to attack, according to the people familiar with the government examination.

Like many companies, LSE contracts out software development to third parties. Some of those in turn parcel out work to individual developers. LSE technology managers have identified the security of this development supply chain as an area of concern, according to a person familiar with the LSE's operations.

A deal to combine LSE Group with rival Deutsche Börse AG was blocked by regulators in 2017. The tie-up was in part aimed at accessing Deutsche Börse's superior technology and pooling resources to defray the cost of upgrades, according to a person familiar with its technical operations.

In its latest annual report, the LSE said the risk associated with cyberattacks on its institution had risen and identified dangers posed by sophisticated malware and malicious actions from contractors or vendors.

The LSE has suffered three outages since it implemented a new trading system called Millennium Exchange in 2011. These occurred in 2011, 2018, and 2019.

LSE Group announced Dec. 16 that its top technology executive, Chris Corrado, will leave at the end of March. The company said he is leaving to pursue other opportunities. Mr. Corrado declined to comment.

LSE isn't alone in having suffered recent outages.

In September, Hong Kong Exchanges and Clearing said a bug in third party software had led it to suspend activity on its derivatives trading platform.

On Aug. 12, a key NYSE data feed suffered a technical glitch that delayed end-of-day values for the Dow Jones Industrial Average and the S&P 500.

In 2013, the Chicago Metals Exchange Group said it had suffered a cyberattack, which didn't affect its operations.

Some observers say exchanges historically felt protected from conventional cyberattacks, because they developed closed networks, which were relatively isolated from the broader internet and did much of their software development in house.

"Adoption of emerging technology and a growing reliance on outsourcing means the era of truly closed networks is over," Monica Summerville, director of fintech research for research and consulting company TABB Group, said.

Write to Anna Isaac at anna.isaac@wsj.com

(END) Dow Jones Newswires

January 05, 2020 09:14 ET (14:14 GMT)

Copyright (c) 2020 Dow Jones & Company, Inc.