SEC says its corporate filing system was hacked

Adjust Comment Print

The breach involved Securities and Exchange Commission's EDGAR filing system, which houses market-moving information with millions of filings ranging from quarterly earnings to statements on acquisitions.

The SEC's EDGAR filing system, which is used to process corporate disclosure documents, was the subject of the hack.

The SEC said it is investigating the matter and is cooperating with law enforcement. It issued 26 recommendations that it said would make SEC systems more secure.

The SEC hosts large volumes of sensitive and confidential information that could be used for insider-trading or manipulating US equity markets. Hackers exploited that vulnerability, resulting in "access to nonpublic information", he said. In a statement, Republican SEC Commissioner Mike Piwowar, who for part of 2017 also served as Acting Chairman, said he was "recently informed for the first time that an intrusion occurred in 2016".

"The SEC is a juicy target because they store non-public information, which can be used to exploit the stock market - not exploiting in the technical sense, but using the non-public information to successfully invest in the stock market", Smith told SearchSecurity.

The SEC said it has been conducting an assessment of its cybersecurity since Clayton took over as chairman in May.

The SEC has announced an eye-opening revelation-its online EDGAR filing system was hacked in 2016, and the hackers may have used the data to execute trades on non-public information.

The Securities and Exchange Commission (SEC) released a statement on September 20, which said that it learned in August 2017 of a cyberattack previously detected in 2016 might have allowed illicit gain through trading.

The Equifax breach, which focused on a database that contained the personal information of 143 million Americans, focused attention on the vulnerabilities of private companies that handle sensitive personal financial information.

It also raises questions about whether there were weak spots within the SEC, an institution tasked with protecting investors and financial markets, that allowed the hackers in.

The SEC said it does not believe the cyber attack compromised personally identifiable information, such as names.

"Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic", Clayton said. "We must be vigilant".

Clayton's public statement said the SEC recognizes the importance of cybersecurity and uses an organizationwide program for threat detection, protection and prevention.