Published: Fri, September 22, 2017
Economy | By Melissa Porter

SEC: We Were Hacked

SEC: We Were Hacked

The Security and Exchange Commission, the country's top Wall Street regulator, announced that hackers breached its system for storing documents filed by publicly traded companies a year ago, potentially accessing data that allowed the intruders to make an illegal profit. Buried about 1,400 words in, you'll find an eyebrow-raising disclosure - the SEC was apparently hacked in 2016.

The SEC didn't say which companies may have been impacted by the 2016 intrusion. SEC officials were unaware of the breach until August 2017 and quickly patched the security vulnerability, the agency said.

"Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic", said Clayton.

The federal agency responsible for ensuring that markets function as they should and for protecting investors was hacked previous year and the intruders may have used the nonpublic information they obtained to profit illegally. Accessing that information before it's disclosed publicly could allow hackers to make money by anticipating how a share price would respond. How vulnerable is the SEC to hackers, and did the agency live up to its own disclosure standards? Two years ago it charged a group of mainly US -based stock traders and computer hackers in Ukraine with the theft of thousands of corporate press statements ahead of their public release, resulting in more than $100 million in illegal profit. "Combining the difficulty of tying together multiple events with the difficulty of knowing what information was accessed means that from a purely cyber and digital forensics perspective, it could be incredibly hard to prove specific trades were tied to compromise at the SEC".

The top securities regulator in the United States said Wednesday night that its computer system had been hacked previous year, giving the attackers private information that could have been exploited for trading.

SEC Chairman Jay Clayton said the agency's review of the breach is ongoing and that it's "coordinating with the appropriate authorities".

While the SEC handles non-public drafts of rules and personally-identifiable information, it said it doesn't believe the breach led to unauthorized access of that type of data, endangered the operations of the agency, or resulted in "systemic risk".

"We must be vigilant".

Like this: