Banking, finance, and taxes
Why Didn't The SEC Say It Was Hacked?
Published:
Last Updated:
This post may contain links from our sponsors and affiliates, and Flywheel Publishing may receive
compensation for actions taken through them.
The hack of the U.S. Securities and Exchange Commission database shares something in common with most other recent large hacks of corporate and government databases. It did not get around to mentioning the problem until well after it happened.
Given how sensitive SEC information can be, the decision is a puzzler.
The agency’s management released a statement, which said in part:
In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information
Two things stand out. First, the announcement was made fairly late in September. Second, the 2016 “detection” was not made public, although the SEC is a public agency used by thousands of companies and hundreds of thousands of investors.
The SEC statement did say the agency will take a number of measures to protect data in the future. SEC Chairman Jay Clayton said:
By promoting effective cybersecurity practices in connection with both the Commission’s internal operations and its external regulatory oversight efforts, it is our objective to contribute substantively to a financial market system that recognizes and addresses cybersecurity risks and, in circumstances in which these risks materialize, exhibits strong mitigation and resiliency.
So far, no person or group has been accused of the hack. The SEC may not know whether data collected was used by hackers to make money through trading of publicly traded financial instruments. If the event is like many other hacks, no one may ever know.
As hacking of important databases becomes more frequent and is likely to continue to grow, two things stand out about the responsibility of those who control the databases. First, they need to improve security, which every single victim organization says it will do. Whether the actions will be effective is an open question. The other responsibility is to disclose hacking as quickly as possible. That has been a problem. Organizations have developed the habit mentioning hacks well after they have happened. For those who might be affected, that may be as bad as the hack itself.
Cash Back Credit Cards Have Never Been This Good
Credit card companies are at war, handing out free rewards and benefits to win the best customers. A good cash back card can be worth thousands of dollars a year in free money, not to mention other perks like travel, insurance, and access to fancy lounges. See our top picks for the best credit cards today. You won’t want to miss some of these offers.
Flywheel Publishing has partnered with CardRatings for our coverage of credit card products. Flywheel Publishing and CardRatings may receive a commission from card issuers.
Thank you for reading! Have some feedback for us?
Contact the 24/7 Wall St. editorial team.
Latest from 24/7
Our expert who first called NVIDIA in 2009 is predicting 2025 will see a historic AI breakthrough.
You can follow him investing $500,000 of his own money on our top AI stocks for free.