The U.S. Securities and Exchange Commission revealed that it was a victim of a cyberattack back in 2016, but wasn’t aware of the issue until months after. SEC Chairman, Jay Clayton, released a statement addressing the matter. Now, it raising concerns to the public and investors.
The issue of the attack surfaced when Clayton had asked for a review of the agency and revealed that some employees had sent emails attached with crucial and vital information through private emails.
The biggest financial regulator in the country reported that hackers used a software to breach the system and find an opening into the filings. The hackers gained access to information within Electronic Data Gathering, Analysis, and Retrieval System, known as Edgar.
It was also revealed that the hackers could have profited from trading through the breach. The hackers would get vital information on companies before it was released to the public, and then profiting from the private information.
"Cybersecurity is critical to the operations of our markets, and the risks are significant and, in many cases, systemic," Clayton said. "We must be vigilant."
After issue came into light, the public was filled with many questions addressing the matter. The SEC briefly answered very few questions, leaving many other questions unanswered and the public concerned.
“Companies are rightly asking themselves what the SEC is doing to protect their data–the very same questions that the SEC has been asking them for years,” said Paul Rosen, a partner with Crowell & Moring. “This breach is potentially a game-changer for the SEC and how it executes its mission. The SEC was founded to protect industry and shareholders, and ensure a level playing field.”
Edgar allows companies to submit XBRL and traditional HTML documents to ensure the coding is correct. The system returns back errors and warnings, which could prevent a live filing, explains Rob Blake, vice president of product management at Certent Inc.
He also says that many companies this program excessively. He says that companies can be running the program for as short as few hours to even days before the information goes public.
According to Wall Street Journal, In order to ease concerns among the public, it’s imperative that the SEC report exactly when the vulnerability was discovered and how long the risk was present, said Richard White, managing director for security services firm Oxford Solutions LLC.
The public is left without answers as to why it took a lengthy amount of time for the SEC to discover the cyberattack breaches in its system. This still leaves many investors and companies worried and concerned as these hackers can access important and private information.