The Securities and Exchange Commission (SEC), the country’s top markets regulator, said on Wednesday hackers may have illegally profited by trading using insider information stolen from its corporate disclosure database.
The regulator said the incident took place in 2016 but that it had only detected the breach of its EDGAR system last month and that it was investigating the matter.
The hackers exploited a software glitch in the test filing component of the system to gain access to non-public information, the agency said.
EDGAR houses millions of documents that companies are required to file to the SEC so that they can be accessed by investors.
Although the SEC ‘promptly’ patched the vulnerability after detecting it in 2016, the regulator only became aware last month that the glitch ‘may have provided the basis for illicit gain through trading’, it said.
The Securities and Exchange Commission, the country’s top markets regulator whose Washington, DC headquarters is seen above, said on Wednesday hackers may have illegally profited by trading using insider information stolen from its corporate disclosure database
‘It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,’ the SEC said, adding that it was also liaising with the relevant authorities without naming them.
The incident will stoke growing fears over the threat hackers pose to the integrity of the financial markets and listed companies, after Equifax Inc, the credit data reporting giant, disclosed this month hackers had stolen data on more than 143 million customers.
Equifax Inc said on Wednesday that on March 10 an attacker ‘interacted’ with a server at the heart of the massive breach disclosed this month, but there is no evidence that the incident was linked to the breach of 143 million records.
The company disclosed the incident after the Wall Street Journal reported details of a report from FireEye Inc investigators hired by Equifax, which disclosed the March compromise of the server used to run a consumer dispute portal.
The incident will stoke growing fears over the threat hackers pose to the integrity of the financial markets and listed companies, after Equifax Inc, the credit data reporting giant, disclosed this month hackers had stolen data on more than 143 million customers
Massachusetts Attorney General Maura Healey filed a lawsuit on Tuesday against Equifax following the breach that affected three million people in the state.
Senator Elizabeth Warren, a Massachusetts Democrat, called the breach a ‘nightmare’ and said credit reporting companies should not profit from monitoring or freezing credit arising from the hack.
Equifax said the massive breach of sensitive data, including Social Security numbers, might affect about 100,000 Canadians.
Equifax’s share price has fallen by about one-third since it disclosed the data breach, among the largest ever recorded, on September 7.
The lawsuit seeks civil penalties, disgorgement of profits, restitution, costs, and attorneys’ fees.
‘Equifax needs to pay for its mistakes, make our residents whole, and fix the problem so it never happens again,’ Healey said in a statement.
Equifax spokesman Wyatt Jefferies declined to comment on the lawsuit, but said in a email that the company wanted to reassure consumers of its focus on helping them to ‘navigate this situation.’
Reuters also reported earlier this year that hackers had successfully managed to manipulate penny stocks by illegally gaining access to brokerage accounts.