SEC Cybersecurity Breach: Did Hackers Profit From Vulnerability?
Hackers breached the SEC in 2016, and the intrusion may have paved the way for illegal profits through financial trading, the U.S. Securities and Exchange Commission (SEC) disclosed this evening.
In a lengthy cybersecurity policy statement from SEC Chairman Jay Clayton, he disclosed today:
“In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information.”
The breach occurred before Clayton in May 2017 was named chairman of the SEC. The SEC did not disclose a specific software product name that contained the vulnerability. Fortunately, the SEC believes the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, nor result in systemic risk. But on the other hand, there are still concerns about “illicit gain” from the hack.
EDGAR is short for the Electronic Data Gathering, Analysis, and Retrieval system. The platform typically manages more than 3,000 filings per day.