SEC says corporate-filing database hacked
The electronic database that stores public-company filings, including regulatory announcements, was hacked, the Securities and Exchange Commission said late Wednesday.
The attack by cyber thieves could have allowed the crooks to obtain yet-to-be-released information and then trade on the market-moving data to profit illegally, the SEC said.
While the SEC first detected the breach of an aspect of its Edgar filing system in 2016, it wasn’t until last month that it learned the incident “may have provided the basis for illicit gain through trading,” the regulator said in a statement.
Edgar houses millions of filings that companies are required to submit to the federal securities regulator so that they can be perused by investors.
SEC Chairman Jay Clayton said the agency’s review of the cyberattack is ongoing and that the agency is “coordinating with the appropriate authorities.”
The breach occurred because of a software vulnerability in Edgar, the agency added.
While the weakness was “patched promptly after discovery,” the cyberattack still resulted in hackers gaining access to nonpublic information, the regulator said.
The FBI, through a spokesman, declined to comment.
The SEC announcement, while troubling by itself, heightens tensions among investors as it comes on the heels of the cyberattack on Equifax, the credit-monitoring company, which put at jeopardy the personal data of up to 143 million Americans.
(See related story on page 37.)