The Securities and Exchange Commission has been a leader and enforcer of cybersecurity requirements. However, even the SEC is vulnerable as they recently announced a 2016 data breach that might have given hackers access to private information that could easily have been used for illegal trading. SEC Chairman Jay Clayton stated the breach was due to software vulnerability in their EDGAR system.
EDGAR is a system for collecting, validating, accepting, and forwarding digital disclosure documents from public companies required by US law to file with the SEC. Data within the system includes statements for IPOs, quarterly and annual reports, as well as voluntary filings that would remain private. Valuable private data within the system could have included filings for mergers and acquisitions, which could easily be used to predict changes in the stock market and make a huge profit.
The SEC is not legally obligated to disclose this breach as it involved EDGAR data, not PII. However, the breach occurred sometime in 2016, so it is odd they have chosen to disclose it now. The disclosure has been very vague, lacking any details on how it may have happened or when exactly it did happen. While the language they used made it sounds as though they immediately identified the problem and fixed it, this is potentially not true. The opposite situation could also be true that the breach went undiscovered for a long period and the minimum amount of patches required occurred. To read more speculation about the SEC breach, click here.
If you are or have been the victim of digital information hacking, call McCann Investigations at (877) 302-8133. We will provide a free consultation and outline the steps you and your response team need to take to gather and maintain the evidence you need to pursue litigation. We can also explain the critical use of a licensed investigator to perform the forensic investigation and provide an objective opinion on the origination and scope of the compromise.