SEC hack unsettling, but it’s no Equifax
Thieves may have used the stolen data to make illegal trades
The Securities and Exchange Commission was in the hot seat after it admitted hackers made their way into its EDGAR electronic filing system last year and made off with information it believes might have been used to make money illegally in the stock market.
U. S. lawmakers were stung by the news, late Wednesday, of the breach of the SEC’s sensitive corporate data — a disclosure that comes just two weeks after the Equifax breach was revealed.
A Senate banking committee will seek answers Tuesday in Washington, when members, at a previously scheduled hearing, will likely grill SEC chairman Jay Clayton on the timeline and details of the data breach.
The breach involving Wall Street’s top cop may be an unsettling “burglary” of market- moving data, but it’s no Equifax in terms of consumer exposure. However, the hack that allowed cyber thieves to burrow into a government regulator’s database filled with millions of corporate filings about earnings, mergers and digital trading footprints does little to instill confidence in the integrity of the market that millions of Americans depend on to fuel their 401( k) and pension investments.
“It won’t make mom- and- pop inves- tors feel comforted to know that the regulator keeping their investments safe got hacked,” says Joe Saluzzi, co- founder of Themis Trading and co- author of Broken Markets.
Members of the House of Representatives also say they are in fact- finding mode.
In an interview with USA TODAY, Rep. Bill Huizenga of Michigan, a Republican and chair of the House subcommittee on Capital Markets, Securities and Investment, said, “We all need to dive in more deeply as to what happened here.”
What troubles Huizenga is the fact that everyone knows the SEC is a prime target of hackers, “and clearly not enough attention was paid to securing” the corporate data in its filing system.
But security experts say the financial fallout for everyday Americans might not be as bad as feared.
“This hack is different than the Equifax or Target hacks,” says Lev Lesohkin, executive vice president of New Yorkbased CAST, a software intelligence company. “The hackers ( in the SEC data theft) are not going after consumer data” that could be used to steal a person’s identity.
It was only in August the SEC learned that hackers may have been able to use their illegal activities to make ill- gotten gains through market trading, the SEC’s Clayton said in a statement posted on the SEC’s website late Wednesday.
EDGAR, which stands for Electronic Data Gathering Analysis and Retrieval, is considered critical to the ability of investors to see the electronic filings of companies, brokerage firms and mutual funds. The SEC says about 50 million documents are viewed on a typical day.