Hackers may have profited from SEC breach

The hack of the agency's Edgar filing system occurred in 2016, but the regulator didn't conclude until last month that the cybercriminals may have used their bounty to make illicit trades

Sep 21, 2017 @ 9:15 am

By Bloomberg News

The vulnerability of governments and businesses to cyberattacks was exposed again Wednesday when a top U.S. financial regulator said hackers had breached its electronic database of market-moving corporate announcements, and may have profited from the information they stole.

The hack of an aspect of the U.S. Securities and Exchange Commission's Edgar filing system occurred in 2016, the regulator said in a statement. But it wasn't until last month that the agency concluded the cybercriminals involved may have used their bounty to make illicit trades.

Edgar houses millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions. Infiltrating the SEC's system to review announcements before they are released publicly would serve as a virtual treasure trove for a hacker seeking to make easy money.

SEC Chairman Jay Clayton said the agency's review of the breach is ongoing and that it's "coordinating with the appropriate authorities."

The SEC's disclosure comes just two weeks after credit-reporting company Equifax Inc. said it had been a victim of a hack that may have led to the theft of personal data on 143 million Americans. With the public and lawmakers still reeling from Equifax's breach, the SEC intrusion is almost certain to trigger additional questions over whether the U.S. government can do more to protect data.

"This hack illustrates that protecting against hackers isn't as easy as the government sometimes expects of companies," said Bradley Bondi, a former SEC enforcement attorney now in private practice. "Everyone is vulnerable at any time."

The SEC didn't say which companies may have been impacted by the 2016 intrusion. Chris Carofine, a spokesman for Clayton, declined to comment when asked what type of information was improperly accessed.

The breach occurred because of a software vulnerability in Edgar, the SEC said in its statement. While the weakness was "patched promptly after discovery," it still resulted in hackers gaining access to nonpublic information, according to the agency.

The SEC discussed the 2016 hack in a lengthy statement by Clayton on the agency's cybersecurity efforts. He described some of the threats and data that the agency routinely handles, its role in policing the online world, and how it coordinates with other federal agencies.

While the SEC handles non-public drafts of rules and personally-identifiable information, it said it doesn't believe the breach led to unauthorized access of that type of data, endangered the operations of the agency, or resulted in "systemic risk."

Still, Wednesday's disclosure may heighten concerns around the Consolidated Audit Trail, an enormous database of equity trades that is being built to give regulators better transparency into markets and help them figure out more quickly the causes of disruptions.

Financial firms have expressed concern about data breaches once the new database is completed. The repository could include personal information such as names and addresses from more than 100 million customer accounts.

The SEC said it has been conducting an assessment of its cybersecurity since Clayton took over as chairman in May. The former Wall Street deals lawyer has discussed cyberrisks on multiple occasions in the context of the threats public companies face and their responsibilities to protect themselves. The SEC regulates what companies must disclose to shareholders about breaches.

Last week, in response to a reporter's question about the fallout from the recent Equifax hack, Clayton said the agency was working to increase public awareness of the "substantial systemic risks" associated with cybersecurity.

The data stolen from Equifax included Social Security numbers, drivers license information and birth dates. Banks rely on the information that Equifax and other credit-reporting companies provide in determining whether consumers should get loans.


What do you think?

View comments

Recommended for you

Sponsored financial news

Upcoming Event

May 02


Women Adviser Summit

The InvestmentNews Women Adviser Summit, a one-day workshop now held in four cities due to popular demand, is uniquely designed for the sophisticated female adviser who wants to take her personal and professional self to the next level.... Learn more

Featured video


Top questions surrounding future of DOL fiduciary rule

Reporter Greg Iacurci and managing editor Christina Nelson discuss the biggest uncertainties springing from the Fifth Circuit Court of Appeals' decision to vacate the regulation.

Latest news & opinion

DOL fiduciary rule likely to live on despite appeals court loss

Future developments will hinge on whether the Labor Department continues the fight to remake the regulation its own way.

DOL fiduciary rule: Industry reacts to Fifth Circuit ruling

Groups on both sides of the fiduciary debate had plenty to say.

Fifth Circuit Court of Appeals vacates DOL fiduciary rule

In split decision, judges say agency exceeded authority.

UBS, after dumping the broker protocol, continues to see brokers come and go

The wirehouse has seen 14 individuals or teams leave and five join for a net loss of $2.4 billion in AUM

Merrill vets ready to recharge breakaway recruiting efforts

After regrouping in wake of broker-protocol exits, Snowden Lane Partners is ready to recruit wirehouse brokers and RIAs.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting investmentnews.com? It'll help us continue to serve you.

Yes, show me how to whitelist investmentnews.com

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print