The Securities and Exchange Commission (SEC) said Wednesday that hackers accessed the Commission’s EDGAR test filing system in 2016, and may have provided the basis for illicit gain through trading.
Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information, SEC Chairman Jay Clayton revealed in a statement.
SEC’s EDGAR filing system is the central repository for market-moving information on corporate America. Access to such information before it is made public would allow those with the knowledge to trade on the information.
According to Clayton, the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.
“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” said Clayton. “We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”
An internal investigation has been launched, although no details were given.