Following an internal review, SEC Chairman Jay Clayton revealed that the organisation had been the victim of “Malicious attacks”. The revelation came in a 4,000-word statement released on Wednesday and caused concerns among those on the trading floor.
The Securities and Exchange Commission is responsible for handling almost 1.7 million financial market disclosure documents a year through its EDGAR system, which was revealed as the source of the leak. The admission will be a source of embarrassment for the SEC, whose mission statement is to ‘protect investors’. Clayton’s statement confirmed that the leak was discovered and subsequently fixed in 2016. However, last month they discovered that the breach may have resulted in people being able to use the data acquired in the hack to illegally make profits on the stock market.
In addition to the cyber hack, Clayton’s statement also confirmed the use of private e-mails being used to transmit confidential data and that a number of SEC laptops that may contain confidential data are missing.
Wall Street has been suitably dismayed by the leak, given the potential risks that have been thrust upon it by the very organisation that is tasked with policing trades. However, the cyber breach will not come as a surprise to many within the government who have previously raised concerns about the SEC’s security systems in the past, including the Department of Homeland security who reportedly discovered five “critical” weaknesses in their system as recently as the start of 2017.
The US markets are already on edge, following the recent Equifax data breach which resulted in the leak of 143 million consumer records and is the subject of increased scrutiny and at least one Federal investigation.
In a bid to restore faith in the institution, Clayton has given his assurances that the SEC is taking cyber security seriously; he stated that: “The Commission will continue to prioritize its efforts to promote effective cybersecurity practices within the Commission itself and with respect to the markets and market participants it oversees,” and that all steps are being taken to ensure there is not a repeat of a leak.
The move is a further indication that large financial companies and institutions are under increasing threat from cyber hacks. The SEC statement did not specify who was behind the breach, but recently countries such as Russia and North Korea have been linked to several high-profile hacks on large organisations.
Clayton and the SEC will need to ensure that it does not fall victim again if it is to rebuild its significantly damaged reputation on Wall Street.