The chairman of the U.S. Securities and Exchange Commission will face a Senate committee next week following the agency’s disclosure that hackers pulled secret market data from its systems and possibly used it to conduct trades.
In a lengthy statement issued Wednesday, SEC Chairman Jay Clayton writes that a May 2016 hacking incident “may have provided the basis for illicit gain through trading.” The attackers targeted EDGAR, an electronic filing system for company data that processes more than 1.7 million documents a year (see Profiting From the SEC Breach).
EDGAR and other SEC systems are attractive targets. While much data collected by the enforcement agency is publicly available, the agency also holds a variety of personally identifiable information and nonpublic data that’s used for investigations and other supervisory functions.
“EDGAR is the system that contains all the official filings of public companies, future announcements and other sensitive records and is a treasure trove to cybercriminals and nation states around the world,” Chris Pierson, the CSO and general counsel for financial technology payment firm Viewpost, tells Information Security Media Group. “There is a part of the system that houses private filings relating to proposed mergers and acquisitions or other very sensitive corporate matters.”
Possessing this nonpublic data could give rogue traders an edge. It’s a risk the SEC is well aware of: In recent years, the agency has begun at least three criminal cases centering on the theft of nonpublic information for trading purposes, it says.