The Chairman of the U.S. Securities and Exchange Commission, Jay Clayton, spent his Tuesday morning in front of the Senate Banking Committee.
He led off his testimony with an update on the SEC hack that was quietly announced last week.
Software Vulnerability Blamed in SEC Hack
Even though the world is just recently learning of the hack, it happened last year. And now we know how.
"We believe the 2016 intrusion involved the exploitation of a defect in custom software in the EDGAR system," he said in his opening remarks. EDGAR is the Electronic Data Gathering, Analysis, and Retrieval System. Company registration and other statements are filed through this system.
SEC Approaching Hack From Two Directions
In his testimony before Congress, SEC Chairman Clayton says the agency is looking at the hack in two different ways.
"The first component has been focused on the 2016 intrusion itself, including efforts to determine its scope and whether there were or are any related vulnerabilities in our EDGAR system."
"The second component of our review and investigation consists of our investigation into trading potentially related to the intrusion. This investigation is being conducted by our Division of Enforcement and is ongoing."
SEC Asking For Government Investigation Into Hack
In his opening remarks to the Senate Banking Committee on Tuesday, September 26, 2017, the SEC Chairman also says he's asking the Office of the Inspector General (OIG) to open an investigation into the intrusion. And he's authorized the hiring of additional cybersecurity personnel.
SEC on Timing Of Breach Announcement
So why did news of the 2016 hack only recently come to light? The SEC Chairman explained the timing to Congress:
"I made this disclosure because I believed that, once I knew enough to understand that the 2016 intrusion provided access to nonpublic EDGAR test filings and that this may have resulted in the misuse of nonpublic information for illicit gain, it was important to disclose the incident and our cyber risk profile more generally to the American public and Congress."
There is more to come on this story.