Statement on Cybersecurity Chairman Jay Clayton, Sept. 20, 2017
“…Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems.  In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.  Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information.  We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.  Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.  As another example, our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movements…”

Updates pertaining to the breach:

• WSJ – SEC Draws Scrutiny for Slow Response to Hack – Top officials at agency remained unaware of breach for months after it occurred
• The Register – SEC ‘fesses to security breach, says swiped info likely used for dodgy stock-market trading – EDGAR database a veritable goldmine of financial tips
• cnet – After breach, SEC says hackers used stolen data to buy stocks – After accessing the Security and Exchange Commission’s nonpublic filings, hackers may have used the stolen data to pad their portfolios with tomorrow’s hot stocks.
• Oversight of the U.S. Securities and Exchange Commission September 26, 2017 10AM – hearing entitled “Oversight of the U.S. Securities and Exchange Commission.” The witness will be The Honorable Jay Clayton, Chairman, U.S. Securities and Exchange Commission.
• Here’s the Latest About What the SEC Hackers Stole – “Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter. The Federal Bureau of Investigation and the U.S. Secret Service have since launched an investigation into a 2016 hack into the SEC’S EDGAR system, several of those people said. The sources spoke anonymously because it is not a public investigation. The SEC’s EDGAR system is a crucial network used by companies to file earnings reports and other material information. Spokesmen for the FBI, the Secret Service and the SEC all declined to comment, saying they could neither confirm nor deny the existence of an investigation…”