SEC says hackers may have profited from 2016 breach

Leigh Mccormick
September 22, 2017

The US Securities and Exchange Commission's EDGAR filing system was hacked in 2016.

The hack of an aspect of the U.S. Securities and Exchange Commission's Edgar filing system occurred a year ago, the regulator said in a statement.

The incident comes just weeks after Equifax Inc, a major USA consumer credit reporting agency, disclosed that hackers had stolen data on more than 143 million customers and underscores the threat cyber criminals pose to the integrity of the financial markets.

"Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency", SEC Commissioner Michael Piwowar said in a statement. The agency said the attackers had exploited a weakness in a part of the EDGAR system and it had "promptly" fixed it.

The federal agency responsible for ensuring that markets function as they should and for protecting investors was hacked past year and the intruders may have used the nonpublic information they obtained to profit illegally.

Family 'grateful' after DNA cracks 25-year-old slay
A MA man was taken into custody in CT on Monday in connection with a decades-old slaying of a middle school educator. Authorities found Schara at a CT medical facility, where he was taken into custody on a fugitive-of-justice charge.

It says that the system has been patched to remove this software vulnerability.

"The SEC is a juicy target because they store non-public information, which can be used to exploit the stock market - not exploiting in the technical sense, but using the non-public information to successfully invest in the stock market", Smith told SearchSecurity.

In a statement, SEC chairman Jay Clayton said that the commission had only last month learned of the potential impact of "an incident previously detected in 2016".

He was assured in his belief that there was no personal data exposed in the breach.

His statement didn't provide any details about the information the hackers obtained or which companies might have been affected, but did make clear that the investigation is continuing. The statement also detailed steps the SEC is taking to shore up its cybersecurity through the appointment of a new senior-level security workgroup, risk monitoring, and incident response improvements. The SEC says a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. Infiltrating the SEC's system to review announcements before they are released publicly would serve as a virtual treasure trove for a hacker seeking to make easy money. Insider trading refers to buying or selling of a stock by a trader who has inside knowledge that the investing public is not aware of, creating an unfair advantage.

Other reports by

Discuss This Article

FOLLOW OUR NEWSPAPER