25 February 2018
visit www.nextgenbanking.co.uk/

SEC says hackers may have profited from 2016 breach

21 September 2017  |  6541 views  |  0 Graph with fingers measuring

Wall Street's top regulator says that a 2016 breach at its corporate disclosure database may have enabled hackers to profit from trading on inside information.

The Securities and Exchange Commission says the infiltration of the Edgar system - which houses non-public filings on upcoming corporate earnings statements and pending mergers and acquisitions - was detected in 2016 but it only realised last month that data stolen from the database may have been used for illicit trading.

The revelations were made by SEC chairman Jay Clayton in a statement highlighting the importance of cybersecurity to the agency and market participants.

"In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading," says Clayton. "Specifically, a software vulnerability in the test filing component of the Commission’s Edgar system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. It is believed the intrusion did not result in unauthorised access to personally identifiable information, jeopardise the operations of the Commission, or result in systemic risk."

The statement is part of an ongoing assessment of the SEC’s cybersecurity risk profile that Clayton initiated upon taking office in May. Components of this initiative have included the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.

The watchdog was hauled over the coals by the US Government Accountability Office (GAO) in July, in a report which accused the agency of failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission.

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” says Clayton. “We must be vigilant. We also must recognise — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC told to improve cyber attack defences

SEC told to improve cyber attack defences

28 July 2017  |  14186 views  |  0 comments | 10 tweets | 12 linkedin
US regulators set out new cybersecurity standards

US regulators set out new cybersecurity standards

19 October 2016  |  8007 views  |  0 comments | 21 tweets | 22 linkedin
SEC bills cyber threats as biggest risk to financial markets

SEC bills cyber threats as biggest risk to financial markets

18 May 2016  |  5817 views  |  0 comments | 6 tweets | 11 linkedin
US watchdog begins cybersecurity probes

US watchdog begins cybersecurity probes

25 June 2014  |  6324 views  |  0 comments | 8 tweets | 6 linkedin
Watchdog criticises SEC cybersecurity

Watchdog criticises SEC cybersecurity

22 April 2014  |  5275 views  |  0 comments | 6 tweets | 3 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
Visit http://info.nice.comVisit www.vasco.comRegister for the webinar

Top topics

Most viewed Most shared
Ripple makes new connections to emerging marketsRipple makes new connections to emerging m...
12667 views comments | 16 tweets | 10 linkedin
hands typing furiouslySome Interesting Applications Of The Inter...
10834 views 4 | 9 tweets | 1 linkedin
Basel Committee outlines disruptive fintech scenariosBasel Committee outlines disruptive fintec...
9332 views comments | 15 tweets | 26 linkedin
Investment Association sets up fintech accelerator for asset managersInvestment Association sets up fintech acc...
8692 views comments | 19 tweets | 10 linkedin
R3 creates Legal Centre of Excellence for blockchain technolgyR3 creates Legal Centre of Excellence for...
8636 views comments | 11 tweets | 14 linkedin

Featured job

Basic c. EUR 90K OTE c. EUR 180K plus full bene...
Paris (preferred) or London

Find your next job