SEC admits its corporate filing database was hacked in 2016

SEC admits its corporate filing database was hacked in 2016

SEC admits its corporate filing database was hacked in 2016

The breach involved Securities and Exchange Commission's EDGAR filing system, which houses market-moving information with millions of filings ranging from quarterly earnings to statements on acquisitions.

Wall Street's top regulator says that a 2016 breach at its corporate disclosure database may have enabled hackers to profit from trading on inside information.

The agency announced the hack in the wake of a massive months-long hack of Equifax, a credit reporting agency, through which sensitive personal information of 143 million people was exposed.

See, EDGAR is an automated system that processes forms and other paperwork submitted by companies.

The federal agency responsible for ensuring that markets function as they should and for protecting investors was hacked previous year and the intruders may have used the nonpublic information they obtained to profit illegally.

Mr Clayton said that companies needed to consider whether they were adequately disclosing "information about their risk management governance and cyber security risks" to the public. The statement provides an overview of the Commission's collection and use of data and discusses key cyber risks faced by the agency.

Cascade-Siskiyou National Monument should shrink in size, Interior Secretary tells Trump
The president could also send the recommendations to Congress and request that lawmakers make the adjustments. National monuments can be so designated through the power of the Antiquities Act of 1906.

The SEC 's new director, Walter J. Clayton, has said the agency would work to improve its cybersecurity protections.

The agency said it learned in August that an incident detected previous year "was exploited and resulted in access to nonpublic information".

The SEC has also been dealing with attempts to seed EDGAR with bad data to affect financial markets. Clayton says authorities are still investigating the issue, but the commission believes the hackers didn't gain unauthorized access to personally identifiable information or anything that can jeopardize its operations.

In a statement, SEC chairman Jay Clayton said that the commission had only last month learned of the potential impact of "an incident previously detected in 2016". Hackers also got their hands on names, Social Security numbers, birth dates, addresses, and some driver's license numbers.

"The chairman obviously recognises the irony of the SEC potentially serving as the unwitting tipper in an insider trading scheme", said John Reed Stark, president of a cyber consulting firm and a former SEC staff member. The SEC provided little information, so it's still unknown which companies may have been affected or if hackers made a profit.

I commend Chairman Clayton for initiating an assessment of the SEC's internal cybersecurity risk profile and approach to cybersecurity from a regulatory perspective.

Related news