Today, it was announced that the SEC was a victim of a late Wednesday night hack.
The hackers took advantage of a software vulnerability in the SEC’s EDGAR system, a vast database that holds all the documents publicly traded companies have to file with the regulator. Through the flaw, the intruders were able to obtain information that hadn’t been made public, Clayton said.
EDGAR contains information about company earnings, share dealings by top executives and corporate activity such as mergers and acquisitions. Accessing that information before it’s disclosed publicly could allow hackers to make money by anticipating how a share price would respond.
The vulnerability was fixed “promptly after discovery” and the SEC believes it did not “result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,” Clayton added.
His statement didn’t provide any details about the information the hackers obtained or which companies might have been affected, but did make clear that the investigation is continuing.
The SEC is the latest high-profile organization to admit its cyber defenses have been breached. Its announcement comes about two weeks after credit reporting agency Equifax said a major hack may have exposed personal data on as many as 143 million people.
“The FTC typically does not comment on ongoing investigations,” Peter Kaplan, the FTC’s acting director of public affairs, said in a statement. “However, in light of the intense public interest and the potential impact of this matter, I can confirm that FTC staff is investigating the Equifax data breach.”
A spokesperson for Equifax said the company is “actively engaging with and being responsive to regulators, federal agencies and legislators and expect to continue to do so in the future.”
Our question is, who should be responsible for protecting your personal information online?