In September 2017, the top US markets regulator disclosed that hackers had infiltrated its database that stores company financial filings which potentially allowed hackers to trade on inside information. The hackers exploited a software vulnerability in the agency’s system which “was patched promptly after discovery".
The agency confirmed they had detected the breach a year ago but did not understand the extent of the breach until a separate investigation gave cause to believe the breach may have provided the basis for illicit gain through trading.
According to the agency's chairman "We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk”.
The agency were criticised for their incident response and for their lax approach to security, especially given their oversight role on this topic for US regulated firms.
Want to discuss this case? You can purchase a 30 minute conference call with our analysts to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
We've done the analysis so you can make the decisions