The Securities and Exchange Commission (SEC) revealed Wednesday that hackers breached its system for public-company filings and may have profited from stolen insider information.
SEC Chairman Jay Clayton said in a statement that hackers exploited a software vulnerability in the regulator’s EDGAR filing system. That breach was discovered in 2016, he said, but the SEC did not learn about the possibility of unlawful trading until 2017.
The SEC says the software flaw was quickly patched, and that no sensitive personal information, such as credit card or Social Security numbers, was exposed in the breach.
{mosads}“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” said Clayton in a statement. “We must be vigilant. We also must recognize—in both the public and private sectors, including the SEC—that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”
He did not say who may have been responsible for the breach.
The announcement comes just more than a week after credit report company Equifax revealed that hackers accessed personally identifiable information from more than 144 million people.