SEC Says Hackers Stole Market-Sensitive Data

Ann Santiago
September 22, 2017

The statement is part of an ongoing assessment of the SEC's cybersecurity risk profile that Chairman Clayton initiated upon taking office in May. "Specifically, a software vulnerability in the test filing component of the Commission's Edgar system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information".

Clayton concluded: "I recognise that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face".

The Securities and Exchange Commission (SEC), America's most prominent regulator, acknowledged on Wednesday that its Electronic Data Gathering, Analysis and Retrieval ('EDGAR') database of corporate filings was hacked in 2016. Infiltrating the SEC's system to review announcements before they are released publicly would serve as a virtual treasure trove for a hacker seeking to make easy money.

The SEC first detected the intrusion in 2016 but only last month became aware that stolen information may have been used for illegal trades.

According to Reuters, the SEC in particular had previously been pulled up by the United States government accountability office for failing to implement an intrusion-detection system properly, and making mistakes regarding things as basic as firewall configuration.

Warner said he'd press SEC Chairman Jay Clayton on the agency's rules dictating when companies must report data breaches when he appears before the Banking panel next week. The SEC says it gets more than 1.7 million filings each year, and more than 50 million pages of documents are accessed every day.

The SEC has had other issues with Edgar, including people posting phony takeover offers and other hoaxes on the system that have temporarily driven up companies' share prices. But the damage was done, and in a statement, the commission said it found evidence in August that the intrusion may have given someone enough data to play the markets.

A 2015 case was brought by the agency against fraudulent insider trading ring that had paid Ukrainian hackers to gain access to sensitive information.

The incident comes just weeks after Equifax Inc, a major US consumer credit reporting agency, disclosed that hackers had stolen data on more than 143 million customers and underscores the threat cyber criminals pose to the integrity of the financial markets. The cybersecurity risks there are huge; a hacker could, for example, sniff out investors' trading strategies and try to game them.

Other reports by

Discuss This Article