SEC under fi re for being hacked
WASHINGTON — The Securities and Exchange Commission waited until Wednesday to disclose a hack of its corporate filing system that occurred last year. The disclosure raises questions about the agency’s ability to protect important financial
information and comes as Americans are still weighing the consequences of the massive hack at Equifax.
The SEC, as the federal agency responsible for ensuring that markets function properly and for protecting investors, is under fire after disclosing the hack of its electronic network for whisking company news and data to investors. The breach occurred despite repeated warnings in recent years about weaknesses in the agency’s cybersecurity controls.
Experts question the length of time taken to disclose the breach, and why the SEC isn’t meeting the same security standards it demands of
corporate America.
While it discovered the breach to its corporate filing system last year, the agency says it only became aware last month that information obtained by the intruders may have been used for illegal trading profits.
“It took quite a while,” said Robert Cattanach, an attorney at Dorsey & Whitney and former trial attorney for the Justice Department, whose work includes cybersecurity and data breaches. “The integrity of our whole trading system is dependent on keeping this information secure. ... People have got some ‘splaining to do.”
The SEC didn’t explain why the initial hack was not revealed sooner, or which individuals or companies may have been affected. The disclosure came two months after a government watchdog said deficiencies in the corporate filing system put the system, and the information it contains, at risk.
The agency also didn’t disclose any information about who might have carried out the breach. A hack by Chinese or Russian actors can’t be ruled out, experts say.
The hack was disclosed by SEC Chairman Jay Clayton in a statement posted to the agency’s website. It comes just two weeks after the credit agency Equifax revealed a stunning cyberattack that exposed highly sensitive personal information of 143 million people.
Clayton is scheduled to appear Tuesday before the Senate Banking Committee, and he is certain to be questioned about the hack.