Late Wednesday, the Securities and Exchange Commission said that it discovered last month that a 2016 hack of its computer filing system for publicly traded companies "may have provided the basis for illicit gain through trading." The "software vulnerability in the test filing component of the commission's EDGAR system" has been patched, and while the "intrusion" was discovered last year, the SEC said, it only learned about the possible use of pilfered information to trade stocks for illegal profit after SEC Chairman Jay Clayton ordered a cybersecurity review in May 2017.
The SEC statement did not say why the agency didn't disclose the breach last year, when the system was hacked, or whether specific companies were targeted. The SEC is the federal government's main Wall Street regulator. "Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic," Clayton said. "We must be vigilant. We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery."