The Securities and Exchange Commission, even as it ramps up examination efforts to ensure adequate cyber-security protections, has fallen victim to the very sort of market-manipulating trouble it is on the lookout for.

On May 14, at approximately 11:30 a.m., a PTG Capital Partners, a London-based, global private equity investment firm, disclosed in a regulatory filing on the SEC’s EDGAR system that it offered to buy Avon for $18.75 a share. The big problem: the firm is fictitious and there was no such offer. The bigger problem: even though trading in Avon stock was halted after discovery of the fake announcement, the filing was still the first document listed during an Avon search on EDGAR Friday morning.

The disclosure, read as follows:

“PTG Capital Partners LTD. announced today that it has submitted an offer to the board of directors of Avon Products proposing to acquire all of the company's outstanding stock, and outstanding options to acquire such shares, in a recommended cash tender offer at a price per share of U.S. $18.75. The proposed offer is subject to satisfactory completion of due diligence, the redemption or termination of the rights plan, or "poison pill," if any, and negotiation and execution of a definitive written agreement.”

Neither the firm, nor the Texas based law firm listed on the filing, Trose & Cox, seem to exist and neither appears on major web search engines.

Investors, who have pushed for Avon to sell, reacted to the “news” by boosting the company’s share price by a dollar over its opening at $6.71. In less than 30 minutes $91 million worth of Avon shares changed hands before trading was halted by the NYSE.

“In response to an SEC filing made by an entity purporting to be named ‘PTG Capital Partners,’ Avon reports that it has not received any offer or other communication from such an entity and has not been able to confirm that such an entity exists,” the cosmetics company said in a statement.

The SEC has not yet commented on how the breach to its core filing system was perpetrated, by whom, or why. A likely culprit was the use of a stolen, or fraudulently obtained, EDGAR username and password.