SEC Reveals Data Breach Caused By Software Application Vulnerability

Posted September 22, 2017

The US Securities and Exchange Commission has revealed hackers gained access to its financial document filing system and may have profited from what they were able to see.

The Securities and Exchange Commission (SEC), America's chief stock market regulator, said on Wednesday that cybercriminals may have used data stolen past year to make money in the stock market, making it the latest federal agency to grab headlines for losing control of its data.

News of the incident comes after credit reporting agency Equifax earlier this month disclosed a breach that exposed the personal information of 143 million USA consumers.

The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system.

More news: BMO Capital Markets Begins Coverage on Kimco Realty Corporation (KIM)

The SEC has had other issues with Edgar, including people posting phony takeover offers and other hoaxes on the system that have temporarily driven up companies' share prices. The security hole "was patched promptly after discovery", Clayton said. In August, he said the SEC learned additionally that it "may have provided the basis for illicit gain through trading".

EDGAR holds non-public information on corporate announcements, including mergers and acquisition filings and quarterly statements. Clayton said SEC has been conducting an assessment of its cybersecurity since he took over as chairman in May.

Clayton said that the vendors that SEC works with have also exposed the agency to vulnerabilities because "a weakness in vendor systems or software products may provide a mechanism for a cyber threat actor to access SEC systems or information through trusted paths".

The SEC discussed the 2016 hack in a lengthy statement by Clayton on the agency's cybersecurity efforts. In the case of the Equifax breach, credit card numbers for about 209,000 USA consumers, and certain dispute documents with personal identifying information for 182,000 U.S. consumers were accessed.

More news: The Apple Watch Series 3 isn't off to a good start

The statement from Clayton also mentioned that some SEC laptops that could have stored private data were unable to be located during an internal review of the body in 2014.

It is not believed that any personally identifiable information or SEC operations were compromised, the agency added.

But as one of the world's largest collectors of sensitive information, America's federal government is a major target for hackers from both the private sector and foreign governments. The SEC regulates what companies must disclose to shareholders about breaches.

More news: West Ham United 3-0 Bolton Wanderers