Statement on Cybersecurity Chairman Jay Clayton, Sept. 20, 2017
“…Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities. As another example, our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements…”
Updates pertaining to the breach:
- WSJ – SEC Draws Scrutiny for Slow Response to Hack – Top officials at agency remained unaware of breach for months after it occurred
- The Register – SEC ‘fesses to security breach, says swiped info likely used for dodgy stock-market trading – EDGAR database a veritable goldmine of financial tips
- cnet – After breach, SEC says hackers used stolen data to buy stocks – After accessing the Security and Exchange Commission’s nonpublic filings, hackers may have used the stolen data to pad their portfolios with tomorrow’s hot stocks.