Although the SEC had “promptly” patched the vulnerability in its EDGAR system which stores millions of confidential data that companies are required to file to the SEC, the fact that hackers have managed to penetrate its systems, have stoked investor concerns.
In a startling development, the U.S. Securities and Exchange Commission (SEC), disclosed that hackers may have illegally profited from trading using insider information stolen from its corporate disclosure database.
As per the top regulator, although the incident took place in 2016, it detected the breach in its EDGAR system only last month. It is now investigating the matter.
As per the agency, hackers gained entry into the system, by exploiting a bug in the test filing component of the system to to gain access to the non-public information.
The SEC’s EDGAR has millions of documents that companies are required to file to the SEC so that they can be accessed by investors.
Although the SEC “promptly” patched the vulnerability having detected it in 2016, it only became aware last month that the particular vulnerability “may have provided the basis for illicit gain through trading”, said the SEC.
“It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” said the SEC.
It went on to add, it is liaising with relevant authorities without disclosing who they may be.
The security incident stokes growing fear of threats from hackers who pose a security threat to global financial systems. Earlier this month, Equifax Inc’s disclosure that the personal information of more than 50% of U.S. citizens have been compromised by hackers, sent shivers down the collective spine of regulators and cyber security specialists.