The Commission doesn't believe the event exposed personally identifiable information or produced systemic risk. He blamed a software vulnerability for the intrusion and said it was "patched promptly after discovery". "By making legitimate trades, they avoid the watchful eye of law enforcement scanning the black market for criminals selling stolen information".
The SEC didn't say which companies may have been impacted by the 2016 intrusion. That breach was discovered in 2016, he said, but the SEC did not learn about the possibility of unlawful trading until 2017.
The federal agency responsible for ensuring that markets function as they should and for protecting investors was hacked last year and the intruders may have used the nonpublic information they obtained to profit illegally. Brad Keller, senior director, Prevalent Inc.
Last week, in response to a reporter's question about the fallout from the recent Equifax hack, Clayton said the agency was working to increase public awareness of the "substantial systemic risks" associated with cybersecurity. Attacks on U.S. financial institutions are rare but not unprecedented.
By promoting effective cybersecurity practices in connection with both the Commission's internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency. Buried about 1,400 words in, you'll find an eyebrow-raising disclosure - the SEC was apparently hacked in 2016. "Taking this a step further, it suggests that they don't fully appreciate what information truly needs to be protected".
But it is what the unknown hackers were able to see and make use of that has forced the SEC to disclose the breach.
"[This] is a watershed event for the American financial system and markets", Pierson told SearchSecurity. The admission means that the intrusion was potentially far more serious than that in April 2015, when a Bulgarian hacker uploaded a fake press release to EDGAR about Avon Products being taken private by a fictional PE group.
The breach occurred because of a software vulnerability in EDGAR, the SEC said in its statement.