A stark reminder of the vulnerability of government and business computer systems to cyber attacks was highlighted yet again on Wednesday when a top U.S. financial regulator revealed hackers had breached their electronic database of market-moving corporate announcements. Not just was the database exposed, but it now appears that the hackers behind the breach also profited from information gained there. The U.S. Securities and Exchange Commission’s Edgar filing system was breached in 2016 according to the regulator but it wasn't until last month that the agency realized the cyber criminals likely profited by making illicit trades.
Edgar contains millions of filings from corporations including quarterly earnings, mergers and acquisitions.
The hackers were able to infiltrate the SEC's system to view announcements before they were made public which allowed them to make trades they knew would become profitable. The treasure trove of information was enough to make anyone rich who had access to it. SEC Chairman Jay Clayton said the SEC is in the process of reviewing the breach and determining exactly what information was compromised and is "coordinating with the appropriate authorities." The SEC announcing the cyber attack comes just weeks after the credit-reporting giant Equifax Inc. revealed a series of breaches that compromised millions of users personal data.
Bradley Bondi is a former SEC enforcement attorney who is now working in the private sector and weighed in on the SEC breach, "This hack illustrates that protecting against hackers isn’t as easy as the government sometimes expects of companies. Everyone is vulnerable at any time." Since the investigating is ongoing, the SEC did not reveal exactly which companies were affected by the 2016 breach. They did reveal that they know how the breach occurred which was due to a software vulnerability in Edgar and has since been "patched promptly after discovery."
Tips? Info? Send me a message!