SEC Says It Was a Victim of a Computer Hack Last Year

Gladys Abbott
September 22, 2017

The Securities and Exchange Commission says the infiltration of the Edgar system - which houses non-public filings on upcoming corporate earnings statements and pending mergers and acquisitions - was detected in 2016 but it only realised last month that data stolen from the database may have been used for illicit trading.

The SEC has announced an eye-opening revelation-its online EDGAR filing system was hacked in 2016, and the hackers may have used the data to execute trades on non-public information. Its announcement comes about two weeks after credit reporting agency Equifax said a major hack may have exposed personal data on as many as 143 million people.

Although the problem was nearly immediately patched in 2016, it's noteworthy that the regulator only became aware that the glitch could have provided the basis for "illicit gains through trading" last month.

The country's top Wall Street regulator says a cyberattack past year breached its system for storing documents filed by companies, possibly allowing hackers to make illegal profits.

'Malicious attacks and intrusion efforts are continuous and evolving and, in certain cases, they have been successful at the most robust institutions and at the SEC itself.

More news: Riverdale Star Crashes Car Following 16-Hour Workday

An investigation into the breach and its possible consequences is ongoing, and the SEC said that it is cooperating with the "appropriate authorities".

Securities and Exchange Commission Chairman Jay Clayton disclosed in a lengthy statement late Wednesday that a hack was detected a year ago.

The commission's disclosure follows hard on the heels of news of a major breach at credit reference agency Equifax that affected 143 million U.S. consumers. The admission means that the intrusion was potentially far more serious than that in April 2015, when a Bulgarian hacker uploaded a fake press release to EDGAR about Avon Products being taken private by a fictional PE group. The intrusion was detected in 2016 and the software vulnerability was patched promptly, the statement said.

Specifically, hackers exploited a software vulnerability in the SEC's "EDGAR" system, a vast archive of financial records for companies listed on the U.S. stock exchange. A number of filings are immediately posted on Edgar when they are submitted to the database, so it's unclear what kind of information is kept non-public that could be a target for hackers.

Other reports by LeisureTravelAid

Discuss This Article