Banking, finance, and taxes
Why Didn't The SEC Say It Was Hacked?
Published:
Last Updated:
The hack of the U.S. Securities and Exchange Commission database shares something in common with most other recent large hacks of corporate and government databases. It did not get around to mentioning the problem until well after it happened.
Given how sensitive SEC information can be, the decision is a puzzler.
The agency’s management released a statement, which said in part:
In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information
Two things stand out. First, the announcement was made fairly late in September. Second, the 2016 “detection” was not made public, although the SEC is a public agency used by thousands of companies and hundreds of thousands of investors.
The SEC statement did say the agency will take a number of measures to protect data in the future. SEC Chairman Jay Clayton said:
By promoting effective cybersecurity practices in connection with both the Commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency.
So far, no person or group has been accused of the hack. The SEC may not know whether data collected was used by hackers to make money through trading of publicly traded financial instruments. If the event is like many other hacks, no one may ever know.
As hacking of important databases becomes more frequent and is likely to continue to grow, two things stand out about the responsibility of those who control the databases. First, they need to improve security, which every single victim organization says it will do. Whether the actions will be effective is an open question. The other responsibility is to disclose hacking as quickly as possible. That has been a problem. Organizations have developed the habit mentioning hacks well after they have happened. For those who might be affected, that may be as bad as the hack itself.
Essential Tips for Investing (Sponsored)
A financial advisor can help you understand the advantages and disadvantages of investment properties. Finding a qualified financial advisor doesn’t have to be hard. SmartAsset’s free tool matches you with up to three financial advisors who serve your area, and you can interview your advisor matches at no cost to decide which one is right for you. If you’re ready to find an advisor who can help you achieve your financial goals, get started now.
Investing in real estate can diversify your portfolio. But expanding your horizons may add additional costs. If you’re an investor looking to minimize expenses, consider checking out online brokerages. They often offer low investment fees, helping you maximize your profit.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Latest from 24/7
