Cyberattacked: The SEC Joins the Club
October 03, 2017 at 05:12 PM
The original version of this story was published on Law.com
On Sept. 20, the Securities and Exchange Commission announced that its system for electronic filing for public company disclosures, EDGAR, was compromised last year and that hackers may have used exposed information for illicit trading. The disclosure, which provided few details, offered the Commission the opportunity to issue a larger, wide-ranging statement describing its efforts to promote effective cybersecurity practices—inside the Commission itself as well as with respect to the market more broadly and the market participants it regulates. Notably, the statement highlights the Commission's continued, active investigation and enforcement of cybersecurity-related failures.
The Statement on Cybersecurity, released by Chairman Jay Clayton on September 20, 2017, did not indicate when the specific cyber-intrusion occurred but acknowledged that it resulted in access to nonpublic information:
In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.
The Statement on Cybersecurity is available in its entirety here. It is unclear whether the 2016 incident occurred before or after a GAO review of the Commission's FY 2016 cybersecurity protocols that found that the agency had not fully implemented certain recommended intrusion detection capabilities. See GAO report, SEC Improved Control of Financial Systems but Needs to Take Additional Actions, here.
Instead of offering detail regarding the incident, the Statement sets forth the Commission's understanding of its role in promoting cybersecurity as “[d]ata collection, storage, analysis, availability and protection (including security, validation and recovery) have become fundamental to the function and performance of our capital markets, the individuals and entities that participate in those markets, and the U.S. Securities and Exchange Commission.” The Statement broadly summarizes key areas of cybersecurity risk faced by both the Commission and its regulated entities: