Hack of U.S. securities regulator rattles investors, stirs doubts

Advertise on CloudTweaks

WASHINGTON/NEW YORK (Reuters) – Wall Street’s top regulator faced questions on Thursday about its defenses against cyber criminals after admitting hackers breached its electronic database of corporate announcements and may have used it for insider trading.

The incursion at the Securities and Exchange Commission (SEC) struck at the heart of the U.S. financial system. The SEC’s EDGAR filing system is the central repository for market-moving information on corporate America with millions of filings ranging from quarterly earnings to statements on acquisitions.

Accessing documents before they are released publicly would offer hackers a lucrative opportunity to trade on that information.

The SEC said late on Wednesday that a hack occurred in 2016 but it had only discovered last month that the cyber criminals may have used the information to make illicit trades.

SEC Chairman Jay Clayton gave members of Congress a “courtesy call” about the hack late on Wednesday afternoon, said Rep. Bill Huizenga, chairman of the House subcommittee on Capital Markets, Securities, and Investment, which oversees the SEC.

I’m glad that Jay Clayton has decided to acknowledge this and release it, warts and all,” Huizenga said. ”It’s hugely problematic and we’ve got to be serious about how we protect that information as a regulator. I’m hoping that this leads to some vast improvements and an uptick in the vigilance that all the regulators are going to have with information that’s coming to them.

The disclosure has rattled investors’ faith in the security of their data. It comes two weeks after credit-reporting company Equifax (EFX.N) said hackers had stolen data on more than 143 million U.S. customers, and in the wake of last year’s cyber attack on SWIFT, the global bank messaging system.

It is particularly embarrassing for the SEC and its new boss Clayton, who has made tackling cyber crime one of the top enforcement issues during his tenure.

The Chairman obviously recognizes the irony of the SEC potentially serving as the unwitting tipper in an insider trading scheme,” said John Reed Stark, a former SEC staff member and cyber expert.

The SEC has said it was investigating the source of the hack but it did not say when exactly it happened or what sort of non-public data was retrieved. The agency said the attackers had exploited a weakness in part of the EDGAR system and it had “promptly” fixed it.

CYBER SLEUTHS NEEDED

Clayton will be grilled on the incident and its aftermath at a hearing by the Senate Banking Committee on Tuesday. In particular, questions are likely about how prepared the SEC was against such an attack and why it waited until now to disclose it.

Securities industry rules require companies to disclose cyber breaches to investors and the SEC has investigated firms over whether they should have reported incidents sooner.

In July, months after the breach was detected, a congressional watchdog office warned that the Wall Street regulator was “at unnecessary risk of compromise” because of deficiencies in its information systems.

The 27-page report by the Government Accountability Office found the SEC did not always fully encrypt sensitive information, used unsupported software, failed to fully implement an intrusion detection system and made missteps in how it configured its firewalls, among other things.

It also shut down a specialized unit on cyber crimes as part of a reorganization in 2010 despite former SEC chair Mary Jo White, in office when the hack occurred, telling Reuters in 2016 that cyber security posed the biggest risk to the U.S. financial system.

Cyber crimes have continued to spread, thrive and become more innovative. Now, more than ever, the SEC needs a dedicated and specialized corps of cyber sleuths to track down and deter hackers,” said Stark, currently president of a cyber consulting firm.

The SEC has scored some victories in tackling cyber criminals. In 2015, the commission unmasked a ring of stock traders and hackers who had accessed company press releases from distributors Marketwire, PR Newswire and Business Wire before the information was made public to make $100 million in illegal profits…

Article Source: Reuters

CloudBuzz

A curated, syndicated list of leading technology news stories from around the world. Leading and trending stories are researched curated each day covering prominent technology vendors in the connected technology space.

CONTRIBUTORS

Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

Tesla is Worth More Than Ford or GM. Is this the Automakers iPhone Moment?

The Automakers iPhone Moment Remember Blackberry? How about Nokia or Motorola? Vaguely you say. Will we one day state the ...
Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation: Not Just For Large Enterprises Anymore

Digital Transformation Digital transformation is the acceleration of business activities, processes, and operational models to fully embrace the changes and ...
The Unintended – and Intended – Consequences of Cloud Data Sovereignty

The Unintended – and Intended – Consequences of Cloud Data Sovereignty

Cloud Data Sovereignty It seems that everything has unintended consequences – whether positive or negative. Intended consequences are those that ...
Selfie Drone Privacy Issues

Space Invaders – Is That A Selfie Drone I See Before Me?

Selfie Drone Privacy Issues The growing concept of privacy is one that I find very interesting and this is where ...
Identity and Access Management: Advancing to Meet the Changing Needs of Passwords and Governance

Identity and Access Management: Advancing to Meet the Changing Needs of Passwords and Governance

Identity and Access Management The identity and access management market continues to grow in a wide variety of industries of ...
Secure Enterprise IoT Platform

Building a Secure Enterprise IoT Platform

Secure Enterprise IoT Platform In the past 12 months here on CloudTweaks I have discussed some topics that were focused ...
Metal Detecting Drone

The Rise Of The Metal Detecting Drone

Metal Detecting Drone Look up in the sky; it's a bird, no it's a plane. No, it is a swarm ...
Matthew Cleaver

Dispelling the Myths of Cloud Solutions for the Small Business

Dispelling the Myths of Cloud Solutions As a business leader, migrating to the cloud can be overwhelming due to the ...

NEWS

New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

New IDC Spending Guide Forecasts Nearly $120 Billion in Worldwide Spending on Security Products and Services in 2021

FRAMINGHAM, Mass., October 19, 2017 – Worldwide spending on security-related hardware, software, and services is forecast to reach $119.9 billion in ...
Cisco Unveils Industry's First Predictive Services Powered by AI

Cisco Unveils Industry’s First Predictive Services Powered by AI

New offerings designed to manage growing technical skills gap through unique expertise, intelligence and automation SAN JOSE, CA--(Marketwired - Oct ...
Toyota to test self-driving, talking cars by about 2020

Toyota to test self-driving, talking cars by about 2020

TOKYO (Reuters) - Toyota Motor Corp (7203.T) on Monday said it would begin testing self-driving electric cars around 2020, which ...

CloudTweaks CONTRIBUTOR PROGRAM

The CloudTweaks thought leadership profile building program is free to join but requires a commitment of atleast 3 articles over a 12-month period. Articles must be vendor-neutral in nature, related to connected cloud technologies and written by an executive level business representative to be considered.

You can also contact us to hear more about our on-demand content and lead generation programs for 2018