This article is from the source 'nytimes' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at https://www.nytimes.com/2017/09/20/business/sec-hacking-attack.html

The article has changed 3 times. There is an RSS feed of changes available.

Version 0 Version 1
S.E.C. Says It Was a Victim of a Computer Hack Last Year S.E.C. Says It Was a Victim of a Computer Hack Last Year
(about 1 hour later)
HONG KONG — The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.HONG KONG — The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.
The Securities and Exchange Commission said in a statement that it was still investigating the breach. It said the security vulnerability the was exploited in the hack had been patched shortly after it was discovered. The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, will likely intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.
It was not clear when the breach was uncovered, although the commission said it learned in August that an incident that had been detected last year “was exploited and resulted in access to nonpublic information.” The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.
The commission said it learned in August that an incident detected last year “was exploited and resulted in access to nonpublic information.” It said the security vulnerability used in the hack had been patched shortly after it was discovered.
The hack, it said, “may have provided the basis for illicit gain through trading.”
The Equifax hack, which focused on a database that contained the personal information of 143 million Americans, focused attention on the vulnerabilities of private companies that handle sensitive personal financial information. The S.E.C. sometimes handles its own sensitive information, including disclosures that companies are allowed to keep away from investors. Such information could give traders an edge.
In its statement, the commission did not release further details of the hack, including whether it had resulted in disclosure of any information about particular companies.In its statement, the commission did not release further details of the hack, including whether it had resulted in disclosure of any information about particular companies.
“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” the commission’s chairman, Jay Clayton, said in the statement. “We must be vigilant. We also must recognize — in both the public and private sectors, including the S.E.C. — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.” “Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” the commission’s chairman, Walter J. Clayton, said in the statement. “We must be vigilant. We also must recognize — in both the public and private sectors, including the S.E.C. — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”
The commission said it did not believe that the breach had involved personal information or that it would jeopardize the commission’s activities.The commission said it did not believe that the breach had involved personal information or that it would jeopardize the commission’s activities.