Securities and Exchange Commission Chairman Jay Clayton issued a statement Wednesday saying the agency found in August that a previously identified cyber incident “may have provided the basis for illicit gain through trading,” MeriTalk reported Thursday.
Clayton refers to a 2016 breach of the test filing component of SEC’s Electronic Data Gathering, Analysis and Retrieval system designed to help the agency collect and track disclosure documents from issuers and other registrants.
He said the breach involved a software vulnerability in the EDGAR system’s test filing function that was used by hackers to gain access to nonpublic data.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,” Clayton wrote in his public statement.
He noted that SEC continues to investigate the cyber incident and coordinate with authorities.
Clayton said he launched in May an evaluation of SEC’s internal cyber risk profile and approach to cybersecurity across five areas.
These areas include the commission’s data collection and use, internal cyber risk management, incorporation of cyber considerations into the agency’s risk-based supervision of entities; enforcement of federal security laws; and coordination with other government agencies.