Exchange operator CME Group says that its ClearPort clearing system was hacked in July, compromising customer information.
In a statement, the firm says that "there is no evidence that trades on CME Globex were adversely impacted" and that it forced a change to customer credentials affected by the incident to protect them.
It is now corresponding directly with the customers and the intrusion is the subject of an ongoing federal investigation.
Sources have told the Wall Street Journal that the attack has been traced to Hong Kong and that more than 7000 passwords used by more than 2000 firms were compromised.
Says the exchange's statement: "CME Group takes these events very seriously and places a high priority on protecting its customers' information and ensuring the integrity of its markets."
Exchanges have become regular targets for cyber-attacks - in July Iosco and the World Federation of Exchanges published figures showing that just over half of the world's securities markets had fought off intrusions over the previous year.
Over the summer, Nasdaq OMX warned users of its community bulletin boards that hackers had broken into the site and may have compromised user e-mail addresses and passwords.
To help prepare for such intrusions, in recent months the industry in London and New York has staged major war game simulations, practising how to react to major attacks.