17 December 2017
visit www.aciworldwide.com

SEC data breach: hackers accessed personal information

02 October 2017  |  5862 views  |  0 safelock

The Securities and Exchange Commission says that crooks may have accessed the personal information of two people during the 2016 breach at its Edgar corporate disclosure database.

In an update on the breach, first disclosed last month, SEC chairman Jay Clayton says that a test filing accessed by the hackers contained the names, dates of birth and social security numbers of the two unnamed people, who have been informed and offered ID theft protection.

On 20 September, Clayton revealed that the infiltration of the Edgar system - which houses non-public filings on upcoming corporate earnings statements and pending mergers and acquisitions - was detected in 2016 but that the watchdog only realised in August that data stolen may have been used for illicit trading.

In his update today, the chairman says: "The 2016 intrusion and its ramifications concern me deeply. I am focused on getting to the bottom of the matter and, importantly, lifting our cybersecurity efforts moving forward."

A review of the intrusion is being carried out by the Office of Inspector General, while the Division of Enforcement is looking into any potential illicit trading. Meanwhile, the SEC says that it is increasing resources for modernisation of Edgar, bringing in outside consultants and increasing the focus on cyber security.

"Chairman Clayton has authorised the immediate hiring of additional staff and outside technology consultants to aid in the agency’s efforts to protect the security of its network, systems and data," says the regulator.

Clayton initiated an assessment of the SEC's cybersecurity risk profile upon taking office in May. Components of this initiative have included the creation of a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response efforts throughout the agency.

The watchdog was hauled over the coals by the US Government Accountability Office (GAO) in July, in a report which accused the agency of failing to consistently protect its network boundaries, authenticate users and encrypt sensitive information while in transmission.

Comments: (0)

Comment on this story (membership required)

Finextra news in your inbox

For Finextra's free daily newsletter, breaking news flashes and weekly jobs board: sign up now

Related stories

SEC says hackers may have profited from 2016 breach

SEC says hackers may have profited from 2016 breach

21 September 2017  |  6376 views  |  0 comments | 3 tweets | 8 linkedin
SEC told to improve cyber attack defences

SEC told to improve cyber attack defences

28 July 2017  |  14001 views  |  0 comments | 10 tweets | 12 linkedin

Related company news

 

Related blogs

Create a blog about this story (membership required)
visit www.ebaday.comvisit www.atos.netvisit www.aciworldwide.com

Top topics

Most viewed Most shared
satelliteRipple completes XRP Lockup
10578 views comments | 3 tweets | 2 linkedin
PSD2: Laying the regulatory foundation for a new age in paymentsPSD2: Laying the regulatory foundation for...
10169 views comments | 18 tweets | 36 linkedin
Banks tap Ethereum smart contracts for MiFID II complianceBanks tap Ethereum smart contracts for MiF...
7328 views comments | 9 tweets | 10 linkedin
Banks and fintech startups join forces on blockchain-based supply chain pilotBanks and fintech startups join forces on...
7265 views comments | 19 tweets | 22 linkedin
hands typing furiouslyReshaping Customer Engagement & Da...
6672 views 0 | 4 tweets | 2 linkedin

Featured job

Find your next job