United States Securities and Exchange Commission (SEC) has revealed that its systems were breached last year and hackers have been illegally profiting from it. The announcement was made by SEC Chairman Jay Clayton in an eight-page statement where he majorly about SEC and cybersecurity with a passing reference toward the incident and the follow-up. “Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases, cyber threat actors have managed to access or misuse our systems. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading,” he said.
“Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities. As another example, our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements.”
The statement did not speak about why the announcement was delayed by a year, or the exact date or the occurrence of the incident.
The incident comes to fore weeks after the major breach at credit-reporting firm Equifax, which has been served several class action lawsuits. The incident has brought the need for cybersecurity for organizations to the limelight. It also made several top-level reshuffles, Mark Rohrwasser has been appointed interim Chief Information Officer while Russ Ayres has been appointed interim Chief Security Officer.”
“This hack illustrates that protecting against hackers isn’t as easy as the government sometimes expects of companies,” said Bradley Bondi, a former SEC enforcement attorney now in private practice in an interview with Bloomberg Market. “Everyone is vulnerable at any time.”