Sensitive and confidential information was hacked and stolen from the U.S. Securities and Exchange Commission’s (SEC) protected electronic database, EDGAR, some time ago, but its larger ramifications came to light only recently.
The event, which has created a scandal of national proportions, has put the Commission in a spot. It was found wanting on two counts:
- How highly sensitive information, ranging from quarterly earnings to settlements and M&A details of listed companies, was not fully protected by EDGAR, supposedly a high-profile, safe-custody system within the SEC
- Why the breach, which occurred back in 2016, was not reported at the time of the break-in, or was kept under wraps from stakeholders for months
The SEC suspected that the hackers who breached EDGAR, which contained important information on market-moving corporate announcements, may have profited from the information they stole.
A statement issued by the SEC immediately after the event said that the weakness was ‘patched promptly’ after discovery.
However, the SEC did not reveal which companies may have been impacted by the 2016 intrusion.
The disclosure came as part of an ongoing assessment of the SEC’s cybersecurity risk profile, initiated by SEC Chairman Jay Clayton after he took office in May 2017.
“Cybersecurity is critical to the operation of our markets and the risks are significant and in many cases systemic. We must be vigilant. We also must recognize - in both the public and private sectors, including SEC - that there will be intrusions, and that a key component of cyber risk management is resilience and recovery,” said Jay Clayton.
The irony of the hack is that the leak occurred at an institution that is tasked with protecting investors and financial markets.
As per the rules of the security industry, any breach has to be disclosed so that a proper investigation can be initiated and the loopholes plugged.
The SEC itself has investigated firms if they were too late in reporting hacks and breaches.
With the financial industry still reeling from Equifax’s breach, the SEC intrusion has reinforced the warning that everyone is vulnerable.
Suffice it to say, fighting cybercrime is no ordinary warfare. As is evident, it takes much corporate will, resilience and conviction.