The Securities and Exchange Commission says cybercriminals got into the agency’s files last year and accessed information that might have been used to give them a secret edge in trading.
The SEC says it had known about the intrusion in 2016 into its Edgar filing system, but learned this month that “nonpublic information” accessed may have been used for “illicit gain.”
“Edgar houses millions of filings that companies are required to submit to the SEC so that they can be perused by investors,” as noted by Bloomberg.
The agency says the “software vulnerability … was patched promptly after discovery,” and didn’t reveal any personally identifiable information.
A statement by SEC Chairman Jay Clayton notes that potential damage done by cybercrime increases all the time, and that “a large portion of the costs … are borne by investors, consumers and other important constituents.”
Politico reports that Congress has questioned the SEC about Edgar’s security:
“In May 2015, Sen. Chuck Grassley (R-Iowa) asked the SEC for information about EDGAR vulnerabilities after an apparent hoax involving Avon Products Inc.
“In October 2014, Rep. Carolyn Maloney (D-N.Y.) raised concerns after an academic study revealed that stock prices were moving about 30 seconds prior to public filings being made available on the SECs website.”