SEC confirms cyber incident affecting its EDGAR system
“An incident previously detected in 2016 may have provided the basis for illicit gain through trading”, the Commission says.
United States financial regulators are not entirely resilient to cyber attacks, as was just proven by a statement by Jay Clayton, Chairman of the Securities and Exchange Commission (SEC).
The EDGAR system, which is used by the companies to file their statements with the SEC, was subjected to an attack, Mr Clayton has confirmed.
“In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information.”
The statement continued to state that SEC believes the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. However, the investigation of this matter is still ongoing.
This statement is released amid a wider wave of security breaches across various companies. Online trading companies are not immune to cyber threats either, as proven by the most recent reports from a number of brokers. Canadian brokerage Questrade said in June that it was a victim of a DDoS attack, which affected the normal work of its platforms. The company noted that this was not a ‘hack’ and no personal information had been compromised. Early this month, Questrade sought to bolster the security of its customer accounts by introducing a Last login feature. Thanks to this addition, whenever traders log in to their Questrade accounts, they can check information about the last login to their account, such as date, time, and device/browser.
Several Japanese online trading companies have also been victims of malicious cyber attacks, with the most recent example provided by Japanese retail FX broker Hirose Tusyo Inc (TYO:7185), or Hirose FX, which was subjected to a DDoS attack earlier this week. A data breach resulting from an unauthorized access to the credit card data from the websites of two of the clients of GMO Payment Gateway Inc (TYO:3769) has led to a costly recovery for the payment services provider, including a number of top executives at the company foregoing a part of their pay.