World

SEC Says It Was a Victim of a Computer Hack Last Year

SEC Says It Was a Victim of a Computer Hack Last Year

The top regulator for US financial markets says hackers may have made money from breaking into its corporate filing system and gaining access to inside information about companies.

Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in NY were targeted by hackers in 2011.

Clayton did not delve into details about what information was illicitly obtained, but said the investigation is ongoing and the SEC is "coordinating with appropriate authorities".

Securities and Exchange Commission Chairman Jay Clayton disclosed in a lengthy statement late Wednesday that a hack was detected a year ago.

The SEC announced that hackers exploited security flaws in the agency's Edgar filing system to collect sensitive information from private corporate disclosures.

The hack was first detected in 2016, but the SEC didn't realize until last month that the hackers may have benefited from the data accessed.




The system processes around 1.7 million electronic filings a year, while people access about 50 million pages of the documents on any given day. Securities industry rules require companies to disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner.

Separately, SEC said it is looking at cases of individuals "who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements". It said the security vulnerability used in the hack had been patched shortly after it was discovered.

The vulnerability was fixed "promptly after discovery" and the SEC believes it did not "result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk", Clayton added.

The SEC has scored some victories in tackling cyber criminals in recent years.

Clayton's statement also mentioned that a 2014 internal review was unable to locate some agency laptops that may have contained confidential information.