SEC Probes Whether Hackers Used Stolen Data for Illegal Trades

Bill Rogers
September 22, 2017

Photo The Securities and Exchange Commission said a digital attack past year may have exposed information that could have been exploited for trading purposes.

Beyond that there are few details, including why the SEC waited until now to disclose the attack.

No report yet on the size of the gains, which may have been major.

The SEC first detected the intrusion in 2016 but only last month became aware that stolen information may have been used for illegal trades.

"When you have one central repository for all this information - man, that's a target", said Republican Representative Bill Huizenga, chairman of the House subcommittee on Capital Markets, Securities, and Investment, which oversees the SEC.

He assured that the cyberattack did not expose any personal information, but "may have provided the basis for illicit gain through trading".

More news: BSF foils major infiltration bid along India-Pak border in Amritsar

Clayton said that the vendors that SEC works with have also exposed the agency to vulnerabilities because "a weakness in vendor systems or software products may provide a mechanism for a cyber threat actor to access SEC systems or information through trusted paths".

The SEC said on Wednesday evening it discovered last month that cyber criminals may have used a hack detected in 2016 to make illicit trades. When the chairman of the SEC says he wants his organization to create a resilient market it's hard to think that can happen if "there will be intrusions". The credit reporting agency said hackers infiltrated its system, stealing significant personally identifiable information through a vulnerability in a US website application. The SEC sometimes handles its own sensitive information, including disclosures that companies are allowed to keep away from investors. The statement also detailed steps the SEC is taking to shore up its cybersecurity through the appointment of a new senior-level security workgroup, risk monitoring, and incident response improvements.

Chris Pierson, CSO at electronic payment provider Viewpost, said the SEC breach was especially significant because the SEC's Division of Corporation Finance "spearheaded the requirement that public entities disclose material cybersecurity risks".

"We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission or result in systemic risk", Mr. Clayton wrote. "We must be vigilant".

Wall Street's top regulator came under fire on Thursday about its cyber security and disclosure practices after admitting hackers had breached its database of corporate announcements in 2016 and may have used it for insider trading.

Other reports by TheSundaySentinel

Discuss This Article