A top Senate Democrat on Thursday said the private and public sector needs to boost its cybersecurity after the Securities and Exchange Commission (SEC) revealed that hackers might have profited off of insider information stolen from the agency's disclosure filing system. The SEC says a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. The regulator disclosed the intrusion for the first time Wednesday. But the regulator learned a year ago that it had failed to keep closely guarded corporate secrets safe from hackers - and only just told the public about it after learning cyber-criminals may have placed profitable trades using the stolen information.
The investigation into the SEC data hack is still in progress and the organization is working with the appropriate authorizes on the matter. "Everyone is vulnerable at any time". But the damage was done, and in a statement, the commission said it found evidence in August that the intrusion may have given someone enough data to play the markets. Chris Carofine, a spokesman for Clayton, declined to comment when asked what type of information was improperly accessed.
The mechanism of the SEC breach remains unclear.
News of the incident comes after credit reporting agency Equifax earlier this month disclosed a breach that exposed the personal information of 143 million U.S. consumers. The repository could include personal information such as names and addresses from more than 100 million customer accounts.
Specifically, hackers exploited a software vulnerability in the SEC's "EDGAR" system, a vast archive of financial records for companies listed on the USA stock exchange. Through the flaw, the intruders were able to obtain information that hadn't been made public, Clayton said. The SEC regulates what companies must disclose to shareholders about breaches.
"Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems", Clayton said in the statement.