SEC faces questions after cyber breach

Alyssa Bailey
September 22, 2017

The Securities and Exchange Commission says cybercriminals got into the agency's files past year and accessed information that might have been used to give them a secret edge in trading.

The top regulator for US financial markets says hackers may have made money from breaking into its corporate filing system and gaining access to inside information about companies.

The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.

The SEC, like most companies, doesn't fully understand how the information in its various databases can be used. The data filed to the SEC often includes non-public "draft" versions of corporate filings, and the SEC also maintains a Consolidated Audit Trail (CAT) that could be used to determine patterns in trading.

While the 2016 SEC breach was known by the agency, it was never disclosed to the public; the expanded impact of the incident was not uncovered until August, more than one year after the attack.

The statement didn't detail the nature of the information that was taken or how it was used.

Weekly scans of government systems by the Department of Homeland Security showed in January that the SEC had critical cyber security weaknesses but that vulnerabilities were worse at three agencies, including the Environmental Protection Agency and the Department of Health and Human Services.

Mobile Call Connect Charges Slashed By Nearly 60%. How It Affects You
Khullar added that the coming days could see a replay of the events in 2007, when the IUC was reduced from 30 paise to 20 paise. Mathews said. "Globally, in a calling-party-pays regime, there is no zero-IUC regulation".

Florida's Irma Outages Continue Despite Power Grid Upgrades
During Wilma, 3.24 of FPL's then-4.3 million customers (about 75 percent) lost power, many for more than two weeks. Lights are turning back on across the county four days after Tropical Storm Irma caused widespread power outages.

Cascade-Siskiyou National Monument should shrink in size, Interior Secretary tells Trump
A leaked memo shows the Interior Department recommending reducing Bears Ears and Grand Staircase Escalanta in Utah. It recommends modifying 10national monuments, including shrinking the boundaries of at least four western sites.

EDGAR contained a hole in its test filing system that was exploited by hackers to gain access to nonpublic information.

The SEC hasn't said whether it is investigating the hack at Equifax, but the agency for years has leaned on publicly traded corporations to strengthen their own cybersecurity systems.

He was assured in his belief that there was no personal data exposed in the breach.

While the SEC handles non-public drafts of rules and personally-identifiable information, it said it doesn't believe the breach led to unauthorized access of that type of data, endangered the operations of the agency, or resulted in "systemic risk".

Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in NY were targeted by hackers in 2011.

"Failure to do so may result in an enforcement action", he warned, although the SEC is yet to ever bring any such action against a non-complying company. Federal prosecutors alleged that 32 traders and hackers reaped more than $100 million in illegal proceeds in a scheme so brazen that the traders would send shopping lists of corporate news releases for sneak-peeking purposes to the hackers in order to place trades. If, however, hackers were able to use nonpublic information to affect stock prices, then bouncing back from a hack may not matter: The damage is done to the market, its investors, and its affected companies. "We must be vigilant".

Other reports by GlobalViralNews

Discuss This Article