SEC Reveals It Was Hacked Last Year

Sep 21, 2017
Originally published on September 22, 2017 6:29 am
Copyright 2017 NPR. To see more, visit http://www.npr.org/.

MARY LOUISE KELLY, HOST:

The Securities and Exchange Commission has revealed it was the victim of hacking last year. And it says the hackers may have used some of the information they took for illicit stock trading. Here's NPR's Jim Zarroli.

JIM ZARROLI, BYLINE: The revelation was buried in the middle of a long-written statement on cybersecurity by SEC chairman Jay Clayton. He said the hackers were able to take advantage of a software vulnerability to break into what's known as the Electronic Data Gathering Analysis and Retrieval system or EDGAR. That's the big SEC database of annual reports and other filings put out by publicly traded companies. The agency first detected the hacking last year and quickly patched the software.

Then last month, it learned that the hackers had been able to gain access to what it called nonpublic information. And they may have used the information to profit through illicit stock trading. The SEC didn't say what the information was or which companies were involved, and there wasn't much more detail about what happened. But it did say the hacking didn't seem to pose any systemic threat to the financial markets or jeopardize the agency's operations. And it said the hackers didn't gain unauthorized access to personally identifiable information. But the SEC said the investigation into what happened is continuing, and it's cooperating with appropriate authorities.

This isn't the first time the SEC has been hacked. The agency has revealed in the past that hackers were able to put fake documents into the EDGAR database, which caused fluctuations in stock prices that they were then able to profit from. Last night's revelation comes at a time of growing concern about cybersecurity in the nation's financial system. The credit monitoring firm Equifax recently revealed a computer breach that affected more than 140 million Americans.

In his statement, SEC chairman Clayton said, the scope and severity of risks that cyber threats present have increased dramatically. And constant vigilance is required to protect against intrusions. Jim Zarroli, NPR News, New York.

(SOUNDBITE OF MF DOOM'S "COFFIN NAILS") Transcript provided by NPR, Copyright NPR.