THE US SECURITIES AND EXCHANGE COMMISSION has revealed that hackers broke into one of its systems and swaggered off with sensitive information about companies that they could have used to make an illegal gain.
Edgar, the SEC's company filings database, which has some 21 million filings within, was breached in 2016, according to the agency, an incident that lit a fire under the ass of the outfit. It has just come out with a statement this week, but the SEC said that this is all part of its ongoing commitment to cyber security… something that it presumably did not have in place in 2016.
"Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic," said SEC chairman Jay Clayton. "We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery."
Nice one, Jay. The SEC statement is ridiculously long. In it, Clayton explains that he put the security push into effect in 2017, and sets out what sort of things the SEC deals with and worries about these days.
"Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases, cyber threat actors have managed to access or misuse our systems. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading," he explained.
"Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing."
This is not the only problem that the SEC faces. It has also identified that some laptops that may have contained important sensitive information are unaccounted for and that staffers are sometimes sharing work information via personal email accounts.
The SEC may take some consolation from the fact that it is not the only baggy federal agency around because the Office of Personnel Management got banged for the records of millions of people just two years ago. µ