17 October 2017
Register now

SEC data breach: hackers accessed personal information

02 October 2017  |  5164 views  |  0 safelock

The Securities and Exchange Commission says that crooks may have accessed the personal information of two people during the 2016 breach at its Edgar corporate disclosure database.

In an update on the breach, first disclosed last month, SEC chairman Jay Clayton says that a test filing accessed by the hackers contained the names, dates of birth and social security numbers of the two unnamed people, who have been informed and offered ID theft protection.

On 20 September, Clayton revealed that the infiltration of the Edgar system - which houses non-public filings on upcoming corporate earnings statements and pending mergers and acquisitions - was detected in 2016 but that the watchdog only realised in August that data stolen may have been used for illicit trading.

In his update today, the chairman says: "The 2016 intrusion and its ramifications concern me deeply. I am focused on getting to the bottom of the matter and, importantly, lifting our cybersecurity efforts moving forward."

A review of the intrusion is being carried out by the Office of Inspector General, while the Division of Enforcement is looking into any potential illicit trading. Meanwhile, the SEC says that it is increasing resources for modernisation of Edgar, bringing in outside consultants and increasing the focus on cyber security.

"Chairman Clayton has authorised the immediate hiring of additional staff and outside technology consultants to aid in the agency’s efforts to protect the security of its network, systems and data," says the regulator.

Clayton initiated an assessment of the SEC's cybersecurity risk profile upon taking office in May. Components of this initiative have included the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.

The watchdog was hauled over the coals by the US Government Accountability Office (GAO) in July, in a report which accused the agency of failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC says hackers may have profited from 2016 breach

SEC says hackers may have profited from 2016 breach

21 September 2017  |  6156 views  |  0 comments | 3 tweets | 8 linkedin
SEC told to improve cyber attack defences

SEC told to improve cyber attack defences

28 July 2017  |  13721 views  |  0 comments | 10 tweets | 12 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.temenos.comRegister nowvisit www.innotribe.com

Top topics

Most viewed Most shared
Ripple looks to drive bank adoption with $300m XRP rebate programmeRipple looks to drive bank adoption with $...
14396 views comments | 11 tweets | 3 linkedin
Taiwan's Far Eastern International Bank suffers malware attackTaiwan's Far Eastern International Bank su...
13048 views comments | 16 tweets | 22 linkedin
Monzo fends off suitors as current account upgrade beginsMonzo fends off suitors as current account...
8950 views comments | 17 tweets | 14 linkedin
Swift positive on blockchain, but big challenges remainSwift positive on blockchain, but big chal...
7887 views comments | 15 tweets | 20 linkedin
Ripple blockchain network hits 100-member markRipple blockchain network hits 100-member...
7592 views comments | 13 tweets | 13 linkedin

Featured job

Competitive
London, UK (or flexible)

Find your next job