A top US financial regulator faces questions about its preparation for cyber attacks, after disclosing a breach of a key database of company filings.
The Securities as well as Exchange Commission said a software vulnerability allowed access to private information as well as may have led to illicit trading.
Federal inspectors have previously identified numerous gaps inside the SEC’s cyber security practices.
The SEC can be investigating the breach.
A spokesperson declined to comment beyond a statement issued on Wednesday.
SEC Chair Jay Clayton said the agency detected the problem with the Edgar system, a main clearing house for filings by public companies, money managers, as well as different firms, in 2016 as well as fixed the item.
nevertheless in August the SEC learned which the item may have been exploited for trading gains. The agency said the breach did not result in “systemic risk”.
“The Commission will continue to prioritize its efforts to promote effective cybersecurity practices within the Commission itself as well as with respect to the markets as well as market participants the item oversees,” Mr Clayton said.
A ‘big deal’
Questions remain about the scope of the breach, including when the item occurred, how long the item persisted as well as how many companies the item might have affected.
The information available also does not make clear who might be behind the attack. Experts said possibilities range coming from organized crime groups to a state-backed entity.
Countries such as North Korea have been linked to groups alleged to be behind attacks on financial institutions in recent years, including the central bank of Bangladesh as well as a financial regulator in Poland.
Cyber security expert Tom Kellermann, chief executive of Strategic Cyber Ventures, said he thinks a group backed by a nation-state may be at work in This specific instance as well, because those are the groups which have succeeded at a high level inside the past.
He can be concerned about further security implications, he added.
“the item’s a big deal,” he said. “The functional reality can be [the disclosure can be] just the tip of the iceberg.”
Analysts said the incident underscored which hackers are targeting increasingly high-profile financial institutions.
Cyber security firm Symantec said about 38% of the threats the item detected last year targeted large businesses.
“There can be a trend toward more worrisome malicious activity which targets financial markets,” said Tim Maurer, co-director of the Cyber Policy Initiative at the Carnegie Endowment for International Peace.
The SEC presents a rich target for criminals looking for information about companies as well as different parts of the financial system. the item polices stock markets as well as its Edgar database contains millions of company filings.
The agency’s leaders have been sounding increasingly loud alarms about cyber threats to financial systems.
nevertheless for years governmentaudits have identified vulnerabilities related to the SEC’s information security program.
The US Department of Homeland Security also found several “critical” weaknesses on SEC computers in January, Reuters reported.
The latest breach raises concerns about whether the SEC took cyber security protection seriously enough, said Representative Bill Huizenga, who sits on House committees which oversee the agency.
“which’s a question which can as well as should be asked,” Mr Huizenga said. “We have a regulator not necessarily living up to the standards they have been expecting others to live up to.”
Mr Clayton, who was appointed by President Donald Trump in January as well as confirmed in May, initiated a review of the agency’s cyber practices This specific spring.
He was previously scheduled to testify before a Senate banking panel next week. He can be anticipated to face questions about the breach then, as well as coming from lawmakers inside the House.
Mary Jo White, who preceded Mr Clayton as SEC chair, declined to comment.
The disclosure can be likely to hurt the SEC, said William Carter, deputy director of the Technology Policy Program at the Center for Strategic as well as International Studies.
“The big issue the item will pose can be the item will influence the credibility of the SEC as well as raise concerns about the risk companies face when generating disclosures,” he said.