Content, Americas, Governance, Risk and Compliance, Breach, Channel markets, Vertical markets

SEC Cybersecurity Breach: Did Hackers Profit From Vulnerability?

SEC Chairman Jay Clayton
SEC Chairman Jay Clayton

Hackers breached the SEC in 2016, and the intrusion may have paved the way for illegal profits through financial trading, the U.S. Securities and Exchange Commission (SEC) disclosed this evening.

In a lengthy cybersecurity policy statement from SEC Chairman Jay Clayton, he disclosed today:

"In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information."


The breach occurred before Clayton in May 2017 was named chairman of the SEC. The SEC did not disclose a specific software product name that contained the vulnerability. Fortunately, the SEC believes the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, nor result in systemic risk. But on the other hand, there are still concerns about "illicit gain" from the hack.

EDGAR is short for the Electronic Data Gathering, Analysis, and Retrieval system. The platform typically manages more than 3,000 filings per day.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.