Fed agency urging corporate cybersecurity upgrades is hacked

  
Fed agency urging corporate cybersecurity upgrades is hacked
In this March 23, 2017, file photo, Securities and Exchange Commission (SEC) Chairman nominee Jay Clayton testifies on Capitol Hill in Washington at his confirmation hearing before the Senate Banking Committee. The SEC says a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. In a statement posted Wednesday, Sept. 20, evening on the SEC's website, Clayton says a review of the agency's cybersecurity risk profile determined that the previously detected "incident" was caused by "a software vulnerability" in its EDGAR filing system. (AP Photo/Pablo Martinez Monsivais, File)

The federal agency responsible for ensuring that markets function as they should and for protecting investors was hacked last year and the intruders may have used the nonpublic information they obtained to profit illegally.

The disclosure arrived two months after a government watchdog said deficiencies in the computer systems of the Securities and Exchange Commission put the system, and the information it contains, at risk.

In July, the Government Accountability Office issued a critical report about the security measures employed by the SEC, citing a number of deficiencies in "the effectiveness of SEC's controls for protecting the confidentiality, integrity, and availability of its information systems." It issued 26 recommendations that it said would make SEC systems more secure.

According to the SEC, the breach was discovered last year, but the possibility of illicit trading was uncovered only last month. It did not explain why the hack itself was not revealed sooner, or which individuals or companies may have been impacted.

In a prepared statement, SEC Chairman Jay Clayton said a review of the agency's cybersecurity risk profile determined that the previously detected incident was caused by "a software vulnerability" in its filing system known as EDGAR, short for Electronic Data Gathering, Analysis, and Retrieval system. Clayton said SEC has been conducting an assessment of its cybersecurity since he took over as chairman in May.

The SEC files financial market disclosure documents through its EDGAR system, which processes more than 1.7 million electronic filings in any given year. Those documents can cause enormous movements in the market, sending billions of dollars in motion in fractions of a second.

The revelation from the critical agency comes as Americans grapple with the repercussions of a massive, months-long hack at the credit agency Equifax, which exposed highly sensitive personal information of 143 million people. Clayton said the agency's breach did not result in exposing personally identifiable information.

The SEC hasn't said whether it is investigating the hack at Equifax, but the agency for years has leaned on publicly traded corporations to strengthen their own cybersecurity systems.

An investigation into the breach and its possible consequences is ongoing, and the SEC said that it is cooperating with the "appropriate authorities."

Explore further: Equifax says 100,000 Canadians' data hacked