SEC victim of hacking, filing system breached

Securities and Exchange Commission Chairman nominee Jay Clayton testifies on Capitol Hill in Washington at his confirmation hearing before the Senate Banking Committee. The SEC says a cyber breach of a filin

Alt-right Twitter rival may lose domain Facebook under fire over Russian ads in election MORE (D-Va.), a member of the Senate Banking Committee, said the SEC breach "shows that government and businesses need to step up their efforts to protect our most sensitive personal and commercial information".

By specifically targeting this system, the threat actors may have gained access to information which had the power to change the market, which in turn could be used to trade illicitly thanks to the stolen, "insider" information contained therein, whether they were company financial statements or merger announcements. The SEC did not specify companies whose information may have been exposed, adding the intrusion did not expose any personally identifiable information or otherwise pose "systemic" risk.

I commend Chairman Clayton for initiating an assessment of the SEC's internal cybersecurity risk profile and approach to cybersecurity from a regulatory perspective.

The SEC has announced an eye-opening revelation-its online EDGAR filing system was hacked in 2016, and the hackers may have used the data to execute trades on non-public information.

The SEC is in the midst of an enormous, long-delayed project - called the Consolidated Audit Trail - meant to record in real time details of every trade in the US stock market. How vulnerable is the SEC to hackers, and did the agency live up to its own disclosure standards? A year later, the event has once again resurfaced with the SEC's admission that the attack "may have provided the basis for illicit gain through trading". The SEC says it gets more than 1.7 million filings each year, and more than 50 million pages of documents are accessed every day.

The system that was breached, known as EDGAR, is a popular way for investors to access the detailed financial reports companies that sell stock to the public must periodically release. A number of filings are immediately posted on Edgar when they are submitted to the database, so it's unclear what kind of information is kept non-public that could be a target for hackers.

It also claims that there is no systemic risk from the hack and that it didn't jeopardize the SEC.

SEC Chairman Jay Clayton said the agency's review of the breach is ongoing and that it's "coordinating with the appropriate authorities".

"We must be vigilant".

Related news: