A few weeks ago, the Securities and Exchange Commission (SEC) revealed that its Electronic Data Gathering Analysis and Retrieval (EDGAR) system was hacked in 2016. Rather than issuing a news release specific to the discovery of the event, the SEC included information about the incident in a “Statement on Cybersecurity” on its website. The agency described “a software vulnerability [in EDGAR’s] test filing component [that] was exploited and resulted in access to nonpublic information.”
The SEC indicated that the breach was discovered in August, 2017. The agency went on to state that it does not believe that the hack resulted in unauthorized access to personally identifiable information or would otherwise jeopardize the SEC’s operations. Perhaps most notably, however, the hackers may have engaged in illicit trading with information accessed. The SEC investigation is apparently ongoing, so further ramifications of the incident are yet to unfold.
© 2017 Ossian Law P.C.