SEC says hackers may have profited from stolen insider information

Cheryl Sanders
September 21, 2017

The top securities regulator in the United States said Wednesday night that its computer system had been hacked previous year, giving the attackers private information that could have been exploited for trading.

The Securities and Exchange Commission said it was investigating the source of the hack, which it said exploited a software vulnerability in a part of the Edgar system.

Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in NY were targeted by hackers in 2011.

Washington D.C., September 20, 2017 - SEC Chairman Jay Clayton today issued a statementhighlighting the importance of cybersecurity to the agency and market participants, and detailing the agency's approach to cybersecurity as an organization and as a regulatory body. Its EDGAR database houses millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions. In a statement posted Wednesday, Sept. 20, evening on the SECs website, Clayton says a review of the agencys cybersecurity risk profile determined that the previously detected “incident” was caused by “a software vulnerability” in its EDGAR filing system.

It said that while the vulnerability was "patched promptly after discovery", that did not occur before it "was exploited and resulted in access to nonpublic information".

The breach was fixed shortly after it was discovered in 2016, but some investors may have used the illegally acquired data to make illegal profits, Clayton said. It processes around 1.7 million filings a year.

"Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber-threat actors have managed to access or misuse our systems", he said.

The SEC has scored some victories in tackling cyber criminals in recent years.

Instances of the agency's staff using private, unsecure private emails to send confidential information were also discovered.

"Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities".

Other reports by iNewsToday