SEC faces questions after cyber breach

Alyssa Bailey
Сентября 22, 2017

The Securities and Exchange Commission says cybercriminals got into the agency's files past year and accessed information that might have been used to give them a secret edge in trading.

The top regulator for US financial markets says hackers may have made money from breaking into its corporate filing system and gaining access to inside information about companies.

The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.

The SEC, like most companies, doesn't fully understand how the information in its various databases can be used. The data filed to the SEC often includes non-public "draft" versions of corporate filings, and the SEC also maintains a Consolidated Audit Trail (CAT) that could be used to determine patterns in trading.

While the 2016 SEC breach was known by the agency, it was never disclosed to the public; the expanded impact of the incident was not uncovered until August, more than one year after the attack.

The statement didn't detail the nature of the information that was taken or how it was used.

Weekly scans of government systems by the Department of Homeland Security showed in January that the SEC had critical cyber security weaknesses but that vulnerabilities were worse at three agencies, including the Environmental Protection Agency and the Department of Health and Human Services.

Читайте также: Cascade-Siskiyou National Monument should shrink in size, Interior Secretary tells Trump

EDGAR contained a hole in its test filing system that was exploited by hackers to gain access to nonpublic information.

The SEC hasn't said whether it is investigating the hack at Equifax, but the agency for years has leaned on publicly traded corporations to strengthen their own cybersecurity systems.

He was assured in his belief that there was no personal data exposed in the breach.

While the SEC handles non-public drafts of rules and personally-identifiable information, it said it doesn't believe the breach led to unauthorized access of that type of data, endangered the operations of the agency, or resulted in "systemic risk".

Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in NY were targeted by hackers in 2011.

"Failure to do so may result in an enforcement action", he warned, although the SEC is yet to ever bring any such action against a non-complying company. Federal prosecutors alleged that 32 traders and hackers reaped more than $100 million in illegal proceeds in a scheme so brazen that the traders would send shopping lists of corporate news releases for sneak-peeking purposes to the hackers in order to place trades. If, however, hackers were able to use nonpublic information to affect stock prices, then bouncing back from a hack may not matter: The damage is done to the market, its investors, and its affected companies. "We must be vigilant".

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2017 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Other reports by

Discuss This Article