SEC Chairman Clayton issues statement on Cybersecurity

Randall Craig
September 22, 2017

Securities and Exchange Commission Chairman Jay Clayton disclosed in a lengthy statement late Wednesday that a hack was detected a year ago.

A top United States financial regulator faces questions about its preparation for cyber attacks, after disclosing a breach of its database of company filings.

The revelation from the critical agency comes as Americans grapple with the repercussions of a massive, months-long hack at the credit agency Equifax, which exposed highly sensitive personal information of 143 million people. The SEC said the attackers had exploited a weakness in a part of the EDGAR system and that it had "promptly" fixed it.

It says that the system has been patched to remove this software vulnerability.

The SEC discovered the hack last year, but says that it wasn't until August 2017 that it noticed additional effects of the hack.

"The SEC is a juicy target because they store non-public information, which can be used to exploit the stock market - not exploiting in the technical sense, but using the non-public information to successfully invest in the stock market", Smith told SearchSecurity.

The SEC did not respond when asked about that review or whether it triggered the disclosure, but Clayton said in his Wednesday statement that he began reviewing the agency's cyber risk in May. "Our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements", Clayton revealed.

Brad Keller, senior director of third-party strategy at risk management company Prevalent Inc., told SearchSecurity, "[What] this suggests is that the SEC, like most companies, doesn't fully understand how the information in its various databases can be used".

It is not believed that any personally identifiable information or SEC operations were compromised, the agency added.

However, hackers may have gotten their hands on nonpublic information. The SEC provided little information, so it's still unknown which companies may have been affected or if hackers made a profit.

In a statement, SEC Chairman Jay Clayton said the agency had learned last month that an incident previously detected in 2016 "may have provided the basis for illicit gain through trading". "We must be vigilant", he said.

In this case, the men were accused of using hackers to break into companies like Business Wire and PR Newswire over a period of five years to steal 150,000 not-yet-public news releases of publicly traded companies.
