Expand / Collapse search
Watch TV
Menu

This material may not be published, broadcast, rewritten, or redistributed. ©2024 FOX News Network, LLC. All rights reserved. Quotes displayed in real-time or delayed by at least 15 minutes. Market data provided by Factset. Powered and implemented by FactSet Digital Solutions. Legal Statement. Mutual Fund and ETF data provided by Refinitiv Lipper.

Cybercrime

SEC says hack may have led to illegal Wall Street profits

By Lukas Mikelionis , Fox News
Published | Updated
stock chart

File photo: A Specialist trader looks at a chart at his post on the floor of the New York Stock Exchange (NYSE) in New York, U.S., May 10, 2017. (REUTERS/Brendan McDermid)

The country’s top Wall Street regulator says a cyberattack last year breached its system for storing documents filed by companies, possibly allowing hackers to make illegal profits.

The Securities and Exchange Commission admitted the breach in a statement posted Wednesday on its website.

Chairman Jay Clayton said a review of the agency’s cybersecurity revealed “a software vulnerability” in its EDGAR (electronic data gathering, analysis and retrieval) filing system. Hackers exploited that vulnerability, resulting in "access to nonpublic information," he said.

The breach was fixed shortly after it was discovered in 2016, but some investors may have used the illegally acquired data to make illegal profits, Clayton said.

“Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber-threat actors have managed to access or misuse our systems,” he said.

He assured that the cyberattack did not expose any personal information, but “may have provided the basis for illicit gain through trading.”

The agency announced the hack in the wake of a massive months-long hack of Equifax, a credit reporting agency, through which sensitive personal information of 143 million people was exposed.

Publicly traded companies use the SEC’s EDGAR system to file disclosure documents. It processes around 1.7 million filings a year.

The SEC has experienced other security risks in recent years. Clayton said in the same statement that a 2014 review could not locate some agency laptops that may have contained confidential information.

Instances of the agency’s staff using private, unsecure private emails to send confidential information were also discovered.

The SEC will continue to investigate the cyberattack and might coordinate with the “appropriate authorities,” the statement said.

The Associated Press contributed to this report.