The US Securities and Exchange Commission has revealed that its electronic company filings system was hacked previous year and the information may have been traded on, writes Dave Michaels for The Wall Street Journal.
The SEC disclosure came two weeks after credit-reporting company Equifax Inc said a breach has exposed sensitive personal of data up to 143 million us customers, and follows last year's cyber attack on SWIFT, the global bank messaging system.
No report yet on the size of the gains, which may have been major. The agency said the attackers had exploited a weakness in a part of the EDGAR system and it had "promptly" fixed it.
Mr Clayton said that companies needed to consider whether they were adequately disclosing "information about their risk management governance and cyber security risks" to the public. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. The statement didn't explain the delay in the announcement, the exact date the system was breached and whether information about any specific company was targeted.
Clayton said that intrusions were a reality in the current environment.
Clayton revealed in a statement last night that hackers exploited a software vulnerability in the regulator's EDGAR filing system.
Tropical storm warning expanded to US northeast
A hurricane watch is typically issued 48 hours before the anticipated first occurrence of tropical-storm-force winds . National Hurricane Center forecasters don't expect it to gain tropical storm strength within the next few days.
The SEC has also been dealing with attempts to seed EDGAR with bad data to affect financial markets.
Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in NY were targeted by hackers in 2011. In the case of the Equifax breach, credit card numbers for about 209,000 USA consumers, and certain dispute documents with personal identifying information for 182,000 U.S. consumers were accessed.
Securities industry rules require companies disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner. Insider trading can undermine trust in the stock market, as well as damaging a company's stock price.
Our question is, who should be responsible for protecting your personal information online? He did not provide many details about the breach or the extent of any illegal trading.
SEC chairman Jay Clayton revealed the hack in a larger statement on cybersecurity at the agency. "We must be vigilant".
The SEC uses the EDGAR system for oversight of the system of public reporting by issuers and other registrants.