Home United States USA — IT SEC discloses hackers penetrated EDGAR, profited in trading

SEC discloses hackers penetrated EDGAR, profited in trading

205
0
SHARE

The Securities and Exchange Commission says it occurred in 2016.
Hackers made their way into the Security and Exchange Commission’s EDGAR electronic filing system last year, retrieving private data that appear to have resulted in “an illicit gain through trading,” the agency reported Wednesday.
It was only in August that the commission learned that hackers may have been able to use their illegal activities to make ill-gotten gains through market trading, said Chairman Jay Clayton in a lengthy statement posted on the SEC’s website.
The disclosure comes the same month that Equifax, one of the nation’s three largest credit bureaus, disclosed that hackers were able to access the private financial data of 143 million consumers.
EDGAR, which stands for Electronic Data Gathering Analysis and Retrieval, is considered critical to the SEC’s operation and the ability of investors to see the electronic filings of companies and markets. The SEC says about 50 million documents are viewed through EDGAR on a typical day. It receives about 1.7 million filings a year.
But the system also processes non-public corporate documents, which can make it a target for hackers. Many have tried to gain access.
“We are the subject of frequent attempts by unauthorized actors to disrupt access to our public-facing systems, access data or otherwise cause damage to our technology infrastructure,” wrote Cutler in his “Statement on Cybersecurity.”
Some hackers have tried to put fraudulent filings in the system or have tried to shut out access by all by overloading the system with mass cyber attacks.
In the case of the 2016 attack in which hackers gained access, Cutler wrote that a software vulnerability in a test filing system was found to be at fault. He said it was immediately patched after the intrusion was discovered, but not before hackers gained access to non-public information.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission or result in systemic risk,” he wrote.
The illegal penetration of the system is under investigation. In the past, he said the SEC has brought cases against those who tried to plant phony documents in SEC files, hoping to cash from the resulting change in stock price as investors reacted.

Continue reading...