Published: Fri, September 22, 2017
World Media | By Shelia Harmon

SEC reveals hackers might have used stolen data for insider trading

SEC reveals hackers might have used stolen data for insider trading

In a statement published on the Securities and Exchange Commission's website yesterday, SEC Chairman Jay Clayton revealed that the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system was compromised past year.

The US Securities and Exchange Commission (SEC) said yesterday (20 September) that its corporate database had been infiltrated in 2016, but only in August 2017 was it discovered that those responsible may have used their ill-gotten information to dabble in some insider trading.

The admission of the potential insider trading that may have resulted from the SEC breach came 1,400 words into a post of more than 4,000 words about how the SEC "is focused on identifying and managing cybersecurity risks".

Federal securities regulators said late Wednesday that hackers gained access to the government's electronic system for corporate filings and may have made illicit gains by trading on the information. Infiltrating the SEC's system to review announcements before they are released publicly would serve as a virtual treasure trove for a hacker seeking to make easy money. I commend Chairman Clayton for initiating an assessment of the SEC's internal cybersecurity risk profile and approach to cybersecurity from a regulatory perspective.

It said that while the vulnerability was "patched promptly after discovery", that did not occur before it "was exploited and resulted in access to nonpublic information".

News of the incident comes after credit reporting agency Equifax earlier this month disclosed a breach that exposed the personal information of 143 million USA consumers.

The statement didn't detail the nature of the information that was taken or how it was used. "As another example, our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements". While the SEC has been aware of the breach since 2016, it wasn't until last month that the agency concluded that the cybercriminals involved may have used their bounty to make illicit trades. The statement said that it didn't believe any personally identifiable information or SEC operations were compromised and that an investigation was continuing. "We must be vigilant".

The SEC has experienced other security risks in recent years.

Clayton said attempts to hack the financial industry would continue.

Like this: