Click here to sign up for our newsletter & receive a £5 voucher![close]
×

Registration

Profile Informations

Login Details

or login

First name is required!
Last name is required!
First name is not valid!
Last name is not valid!
This is not an email address!
Email address is required!
This email is already registered!
Password is required!
Enter a valid password!
Please enter 6 or more characters!
Please enter 16 or less characters!
Passwords are not same!
Terms and Conditions are required!
Email or Password is wrong!

SEC Says Hackers Infiltrated Its EDGAR Filing Database Leading To Illegal Stock Trades

Equifax may be now getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well.

The regulatory agencies announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities.

Hacking

However, in August 2017, the SEC noticed that the prior EDGAR infiltration might have given bad actors the means to make "illicit gains through trading." Before the vulnerability was patched, the hackers were able to access non-public information, but did not get their digital mitts on "personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk."

“We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery," wrote SEC Chairman Jay Clayton in a statement.

“By promoting effective cybersecurity practices in connection with both the Commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency.”

chairman clayton bio 1

What's interesting is that the SEC decided to bury that news somewhat by issuing a statement after 7PM EST (the major nightly news broadcasts air at 6:30 PM EST). It's also well outside of the hours that financial investors would be paying attention to what actually took place. Given that the SEC is alleging that insider trading took place as a result of this reach, it's definitely rather curious timing. However, it's not nearly as underhanded as issuing a press release on a Friday night (where news goes to die).

We still have many questions regarding this [now] disclosed cybersecurity incident at the SEC. Why did it take nearly a year for the regulatory agency to disclose the breach, which we now know may have impacted investors via insider trading? Why did the SEC take a month -- after it realized what had taken place with regards to insider trading -- to bring this information to the public?

We have the feeling that there will be a least a few hearings up on Capitol Hill to see who really knew what and when with regards to this latest cybersecurity slip-up.

Go to Source