The top regulator for US financial markets says hackers may have made money from breaking into its corporate filing system and gaining access to inside information about companies. The credit reporting agency Equifax announced a massive hack earlier this month that affected 143 million Americans, sparking outrage on Capitol Hill and multiple investigations.
The U.S. Securities and Exchange Commission (SEC) has revealed that attackers might have used data they stole in a security breach for illicit insider trading. He blamed software vulnerably for the intrusion and said it was "patched promptly after discovery".
While the 2016 SEC breach was known by the agency, it was never disclosed to the public; the expanded impact of the incident was not uncovered until August, more than one year after the attack. A post on the SEC site said Clayton's statement "is part of an ongoing assessment of the SEC's cybersecurity risk profile that Chairman Clayton initiated upon taking office in May". It had a "software vulnerability" that was "exploited and resulted in access to nonpublic information", Clayton said in the statement.More news: North Korea on Path to Target US With Accurate Nuke
More news: SK Hynix Banks on Toshiba Purchase for NAND Memory Technology
More news: Man to face charges in Agawam educator's 1992 rape, murder
If the right information gets into the wrong hands it can greatly upset the stability of the market, and if hacks happen it's hard to trust trading on Wall Street to be fair.
The SEC has said it was investigating the source of the hack but it did not say exactly when it happened or what sort of non-public data was retrieved. It said that its database of corporate announcements was breached and cybercriminals may have used the information for profit.
"Failure to do so may result in an enforcement action", he warned, although the SEC is yet to ever bring any such action against a non-complying company.
The SEC revealed that a hack that occurred in 2016 may have resulted in illicit trades using nonpublic information.
Chris Pierson, CSO at electronic payment provider Viewpost, said the SEC breach was especially significant because the SEC's Division of Corporation Finance "spearheaded the requirement that public entities disclose material cybersecurity risks". Insider trading refers to buying or selling of a stock by a trader who has inside knowledge that the investing public is not aware of, creating an unfair advantage. "We must be vigilant".