CATEGORIES
home News

SEC Says Hackers Infiltrated Its EDGAR Filing Database Leading To Illegal Stock Trades

by Brandon HillThursday, September 21, 2017, 04:58 PM EDT

Equifax may be now getting its public lashings for a cybersecurity breach that resulted in personal information of 143 million Americans being exposed to hackers, but it appears that the Securities and Exchange Commission (SEC) has a few skeletons in its closet as well.

The regulatory agencies announced late last night that its EDGAR database was hacked last year. At the time, the SEC did not make any public disclosures regarding the hack, which took advantage of a vulnerability in the EDGAR test filing system. However, once it discovered the intrusion, it quickly patched it and went about its normal activities.

Hacking

However, in August 2017, the SEC noticed that the prior EDGAR infiltration might have given bad actors the means to make "illicit gains through trading." Before the vulnerability was patched, the hackers were able to access non-public information, but did not get their digital mitts on "personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk."

“We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery," wrote SEC Chairman Jay Clayton in a statement.

“By promoting effective cybersecurity practices in connection with both the Commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency.”

chairman clayton bio 1
SEC Chairman Jay Clayton

What's interesting is that the SEC decided to bury that news somewhat by issuing a statement after 7PM EST (the major nightly news broadcasts air at 6:30 PM EST). It's also well outside of the hours that financial investors would be paying attention to what actually took place. Given that the SEC is alleging that insider trading took place as a result of this reach, it's definitely rather curious timing. However, it's not nearly as underhanded as issuing a press release on a Friday night (where news goes to die).

We still have many questions regarding this [now] disclosed cybersecurity incident at the SEC. Why did it take nearly a year for the regulatory agency to disclose the breach, which we now know may have impacted investors via insider trading? Why did the SEC take a month -- after it realized what had taken place with regards to insider trading -- to bring this information to the public?

We have the feeling that there will be a least a few hearings up on Capitol Hill to see who really knew what and when with regards to this latest cybersecurity slip-up.

Tags:  security, Hackers, SEC, cybersecurity, edgar
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment