The United States Securities and Exchange Commission revealed today that hackers breached its EDGAR system used to receive, store, and distribute public-company filings, and that criminals may have profited by illegally trading based on nonpublic information stolen from the regulatory agency.
In a lengthy statement, SEC Chairman, Jay Clayton, said that the SEC discovered the breach last year but only recently realized that illegal trading may have occurred as a result of it; in Clayton’s words “the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.” The SEC has not clarified as of yet why it did not initially suppose that illegal trading may have occurred as a result of the breach.
This announcement comes just days after Equifax admitted that it was compromised in what may be the worst breach ever from the perspective of American consumers, and the revelation that three Equifax executives sold stock after that breach was discovered but before it was publicized.
The SEC and EDGAR have had technology and information-security problems in the past. In May of 2015, deficient security apparently allowed someone to upload to the system a bogus document showing that a firm called PTG Capital was going to buy Avon for nearly three times the latter’s market value – a move that caused Avon’s stock price to temporarily surge. Half a year prior, Congresswoman Carolyn Maloney pointed out that some traders were obtaining SEC information before others – as evidenced from stock prices moving about half a minute before related public filings were made available on the SECs public website.
On a good note, the SEC believes that in the current case “the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.” Of course, we must hope that the SEC is correct in this regard; it may have grossly underestimated the magnitude of the breach for many months after detecting it.