The commission says that “illicit gain through trading” may have been the key motivator.

The US Securities and Exchange Commission has admitted to being hacked in 2016, with illegal trading potentially at the root of the breach.

On Wednesday, SEC Chairman Jay Clayton said one of the financial regulator’s databases, containing corporate announcements, was compromised and may have been used to gain an advantage in stock trading.

By specifically targeting this system, the threat actors may have gained access to market-moving information, such as company financial statements or merger announcements, which could then be used to trade illicitly on the stolen “insider” knowledge.

In a statement, the SEC said the Edgar filing system data breach took place in 2016, but it is not yet known which companies may have been affected, or how much the hacker profited.

Edgar processes roughly 1.7 million electronic filings per year.

The hacker was able to take advantage of a “software vulnerability in the test filing component” of Edgar, which “resulted in access to nonpublic information.”

Once discovered, the problem was immediately patched, and an investigation has now begun into the data breach.

Clayton said the review of the incident is ongoing with help from “appropriate authorities,” but so far it is not believed that the hack went any further or compromised any other SEC systems.

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” Clayton said. “We must be vigilant. We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

The breach was discovered as part of an audit ordered by the chairman. It was also discovered that staff have used private, unsecured email accounts to transfer confidential information.

The SEC’s disclosure comes only two weeks after Equifax disclosed a severe data breach, which resulted in private and sensitive data belonging to 143 million US consumers, as well as roughly 400,000 UK customers, being compromised.

For US consumers, names, Social Security numbers, dates of birth, and home addresses were exposed and may have been stolen, but Equifax says the leaked UK client data included only customer names, dates of birth, email addresses, and telephone numbers.

Equifax then blamed an Apache Struts security hole for the incident. While it is possible that a zero-day bug was responsible, it appears more likely that a patching oversight or lazy updating was to blame.

From: http://www.zdnet.com/article/sec-admits-data-breach-suggests-insider-trading-was-the-key/
