The Securities and Exchange Commission quietly announced on Wednesday night that a 2016 breach of their online filing system, EDGAR, resulted in “access to nonpublic information” which may have been used for “illicit gain through trading.”
While the hack took place last August, the SEC apparently didn’t figure out until recently that the hackers may have used the nonpublic filings to profit from movements in the market – according to a 5,000 word statement on cybersecurity released at 11 p.m. EST on Wednesday. Buried within the report, 1500 words in, is one paragraph disclosing the hack.
“In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.”
Insecurity Everywhere
Between the 8,000 documents posted by Wikileaks detailing the CIA’s own hacking methods, a 2015 breach of the Office of Personal Management in which sensitive data on 21 million people was stolen, and several state websites which were hacked with a pro-ISIS message – one thing is clear; our ‘trusted’ government institutions need to beef up their cybersecurity.
If you enjoy the content at iBankCoin, please follow us on Twitter
The sole purpose of the SEC is to provide insider information to the correct people. The problem with the hack is that it might have supplied info to the incorrect people.
It’s good to hear that insiders were for once front-run by hackers as a consequence of the 2016 breach.