Richard L. Cassin Publisher and Editor

Andy Spalding Senior Editor

Jessica Tillipman Senior Editor

Harry Cassin Managing Editor

Elizabeth K. Spahn Editor Emeritus

Cody Worthington Contributing Editor

Julie DiMauro Contributing Editor

Thomas Fox Contributing Editor

Marc Alain Bohn Contributing Editor

Bill Waite Contributing Editor

Shruti J. Shah Contributing Editor

Russell A. Stamets Contributing Editor

Richard Bistrong Contributing Editor 

Eric Carlson Contributing Editor

Bill Steinman Contributing Editor

Aarti Maharaj Contributing Editor

FCPA Blog Daily News

« FinCEN warns banks about laundering Venezuela bribe money | Main | Judge Sporkin et al: The FCPA at 40 (Live and streaming on September 25) »

SEC discloses hack of Edgar

The U.S. Securities and Exchange Commission said Wednesday hackers broke into its electronic document storage system last year.

The hackers may have traded on information they found, the SEC said.

SEC chairman Jay Clayton issued a long statement Wednesday about the SEC's cybersecurity.

He said the hack exploited a software weakness in Edgar -- the Electronic Data Gathering, Analysis and Retrieval system.

The agency patched the vulnerability and is still investigating the source of the hack.

SEC flings by public companies and regulated financial firms and advisers are held by Edgar.

Clayton said the SEC discovered the hack in 2016. It detected possible illegal trading related to the hack in August this year.

In addition to outside hackers, Clayton said the SEC is vulnerable to unauthorized access by its own personnel and by vendors.

The SEC "employs an agency-wide cybersecurity detection, protection and prevention program for the protection of agency operations and assets," Clayton said. 

The program includes cybersecurity protocols and controls, network protections, system monitoring and detection processes, vendor risk management processes, and regular cybersecurity and privacy training for employees, according to Clayton. 

"[W]e expect to hire additional expertise in this area," Clayton said in his statement.

SEC filings are eventually made public through the searchable Edgar system.

It isn't clear how the hackers exploited Edgar. They may have used early access to company filings to trade on non-public information.


Richard L. Cassin is the publisher and editor of the FCPA Blog.