US SEC says hackers may have traded using stolen insider information


The headquarters of the U.S. Securities and Exchange Commission (SEC) are seen in Washington, July 6, 2009. REUTERS/Jim Bourg

WASHINGTON: The top US markets regulator said on Wednesday that hackers accessed its corporate disclosure database and may have illegally profited by trading on the insider information stolen.

The Securities and Exchange Commission (SEC) said the hack occurred in 2016 but that it had only discovered last month that the cyber criminals may have used the information to make illicit trades.

The hackers exploited a software glitch in the test filing component of the system to gain access to non-public information, the agency said.

The SEC hosts large volumes of sensitive and confidential information that could be used for insider-trading or manipulating US equity markets. Its EDGAR database houses millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions.

Although the SEC ”promptly” patched the vulnerability after detecting it in 2016, the regulator only became aware last month that the glitch ”may have provided the basis for illicit gain through trading”, it said.

“It is believed the intrusion did not result in unauthorised access to personally identifiable information, jeopardise the operations of the Commission, or result in systemic risk,” the SEC said, adding that it was also liaising with the relevant authorities without naming them.

The incident comes just weeks after Equifax Inc, a major US consumer credit reporting agency, disclosed that hackers had stolen data on more than 143 million customers and underscores the threat cyber criminals pose to the integrity of the financial markets.

It also raises questions about whether there were weak spots within the SEC, an institution tasked with protecting investors and financial markets, that allowed the hackers in.

In July, months after the breach was detected, a congressional watchdog office warned that the Wall Street regulator was ”at unnecessary risk of compromise” because of deficiencies in its information systems.

The 27-page report by the Government Accountability Office found the SEC did not always fully encrypt sensitive information, used unsupported software, failed to fully implement an intrusion detection system and made missteps in how it configured its firewalls, among other things.

Cyber criminals have targeted financial information hubs before - the Hong Kong stock exchange and the Nasdaq stock exchange in New York were targeted by hackers in 2011.

But the breach at the SEC is particularly egregious because its new boss, Jay Clayton, has made tackling cyber crime one of the top enforcement issues during his tenure.

It also puts the agency under a spotlight over why the 2016 breach was not disclosed earlier. Securities industry rules require companies to disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner.

The SEC has scored some victories in tackling cyber criminals in recent years. Two years ago it charged a group of mainly US-based stock traders and computer hackers in Ukraine with the theft of thousands of corporate press statements ahead of their public release, resulting in more than US$100 million in illegal profit. - Reuters

Limited time offer:
Just RM5 per month.

Monthly Plan

RM13.90/month
RM5/month

Billed as RM5/month for the 1st 6 months then RM13.90 thereafters.

Annual Plan

RM12.33/month

Billed as RM148.00/year

1 month

Free Trial

For new subscribers only


Cancel anytime. No ads. Auto-renewal. Unlimited access to the web and app. Personalised features. Members rewards.
Follow us on our official WhatsApp channel for breaking news alerts and key updates!
   

Next In Business News

Nasdaq, S&P set to open higher on tech boost, earnings glee
Sasbadi reports highest ever quarterly revenue
Aneka Jaringan leverages order book for growth
Chin Hin Group to develop two lands with combined GDV of RM1.08bil
CLMT 1Q net profit rises to RM33.49mil on higher occupancies, positive rental reversions
Ringgit ends marginally lower on firmer US dollar index
MoF: Govt to establish high-level facilitation platform to oversee potential, approved strategic investments
Meta Bright signs RM24mil leasing contract with Australia company
OCR Group to develop RM313mil residential project in Rawang
Legacy Credit emerges as substantial shareholder in VCI Global

Others Also Read