SEC Announces It was Hacked in 2016

The United States’ top securities regulator announced on Wednesday that its computer systems were hacked in 2016. Hackers took private information that could have been used for trading.

The new disclosure, which comes just after the data breach announced by Equifax, is likely to deepen the concerns over possible computer vulnerabilities lurking amongst the pillars of the financial system in the U.S.

The Securities and Exchange Commission through a prepared statement said that an investigation was still ongoing over the breach of the corporate filing system.

The system, known as Edgar, is used to make required filings by companies to the federal agency.

The agency announced that it first learned last month that that a data breach had been detected in 2016, which resulted in the access to information that was nonpublic. It added in the statement that the security vulnerability that was used in the hack was patched shortly after being discovered.

The SEC said the hacking might have provided sufficient enough information to make an illicit gain via trading.

The agency did not release further information of the attack including if it resulted in the disclosure of any private data about any particular companies.

The breach at Equifax, which was focused on one of its databases containing personal information of over 143 million people, has place attention on vulnerabilities of companies that handle personal financial data that is highly sensitive.

The SEC at times handles sensitive data as well, including disclosures by companies that can be kept form investors. That information could allow for traders to have an edge.

In July, the Government Accountability Office released a report that found the information systems at the SEC had deficiencies that limited effectiveness of the control by the agency for protecting integrity, availability and confidentiality.

It found as well the SEC had not been always encrypting information along with failing to implement recommendation from the GAO in full, which would have helped to detect an intrusion.

The SEC in responding to the report said it agreed with the GAO recommendations and had added several of the GAO’s suggestions.

The new director of the SEC Walter Clayton said the agency was going to work to improve the protections it has for its systems.

If data stolen from the Edgar system of the SEC was used by the hackers to make stock trades and earn profits, it would be the latest in an area of new concern for U.S. regulators.