Are you in compliance?

Don't miss out! Sign up today for our weekly newsletters and stay abreast of important GRC-related information and news.


Status message

Start your free, no obligation 5-day trial to continue exploring with full access.

Primary tabs

SEC data breach reveals fear and loathing in the mainframe

Joe Mont | September 26, 2017

At first blush, the Securities and Exchange Commission press release, entitled “Chairman Clayton Issues Statement on Cyber-Security,” doesn’t seem unusual.

Dig deep into the lengthy statement, however, and the impetus reveals itself: “In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading.”

“Specifically, a software vulnerability in the test filing component of the Commission’s EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to non-public information,” Clayton wrote. “It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk.”

The disclosure comes amid still-escalating public furor over a massive data breach that hit consumer credit rating firm Equifax, potentially exposing the personal information of 143... To get the full story, subscribe now.