The US Securities and Exchange Commission (SEC) waited until Wednesday to disclose a hack of its corporate filing system that occurred last year, raising questions about the agency’s ability to protect important financial information and comes as Americans are still weighing the consequences of the massive hack at Equifax Inc.
While the SEC discovered the breach to its corporate filing system last year, the agency said it only became aware last month that information obtained by the intruders might have been used for illegal trading profits.
Experts question the length of time taken to disclose the breach and why the SEC is not meeting the same security standards it demands of corporate America.
Photo: Reuters
“It took quite a while,” said Robert Cattanach, an attorney at Dorsey & Whitney and former trial attorney for the US Department of Justice, whose work includes cybersecurity and data breaches. “The integrity of our whole trading system is dependent on keeping this information secure... People have got some ‘splaining to do.”
The SEC did not explain why the initial hack was not revealed sooner, or which individuals or companies may have been affected. The disclosure came two months after a government watchdog said deficiencies in the corporate filing system put the system, and the information it contains, at risk.
The SEC also did not disclose any information about who might have carried out the breach. A hack by Chinese or Russian actors cannot be ruled out, experts say.
“Certainly state actors would be on the list of suspects that come to mind,” said Marcus Christian, a former federal prosecutor who is an attorney working in Mayer Brown’s cybersecurity and national security practices.
Still, the list would also include “regular old criminal actors,” Christian added.
SEC Chairman Jay Clayton disclosed the hack in a statement posted to the agency’s Web site. It came just two weeks after the credit agency Equifax revealed a stunning cyberattack that exposed highly sensitive personal information of 143 million people.
Clayton is to appear on Tuesday before the US Senate Banking Committee, and he is certain to be questioned about the hack.
US Senator and committee member Mark Warner said in a statement on Thursday that the disclosures by the SEC and Equifax show “that government and businesses need to step up their efforts to protect our most sensitive personal and commercial information.”
Clayton blamed the breach on “a software vulnerability” in the filing system known as EDGAR —Electronic Data Gathering, Analysis and Retrieval system.
EDGAR processes more than 1.7 million electronic filings a year. Those documents can cause enormous movements in the stock market, sending billions of US dollars into motion in fractions of a second.
The hack of EDGAR is especially concerning because of how widely investors have used and trusted the system, which first came online in the early 1990s.
Companies periodically file earnings and a range of financial information, and they alert investors to important developments that could affect their share prices, like government investigations, executive shake-ups and approaches for a takeover.
On Tuesday, US President Donald Trump weighed in on a pressing national issue: The rebranding of a restaurant chain. Last week, Cracker Barrel, a Tennessee company whose nationwide locations lean heavily on a cozy, old-timey aesthetic — “rocking chairs on the porch, a warm fire in the hearth, peg games on the table” — announced it was updating its logo. Uncle Herschel, the man who once appeared next to the letters with a barrel, was gone. It sparked ire on the right, with Donald Trump Jr leading a charge against the rebranding: “WTF is wrong with Cracker Barrel?!” Later, Trump Sr weighed
HEADWINDS: Upfront investment is unavoidable in the merger, but cost savings would materialize over time, TS Financial Holding Co president Welch Lin said TS Financial Holding Co (台新新光金控) said it would take about two years before the benefits of its merger with Shin Kong Financial Holding Co (新光金控) become evident, as the group prioritizes the consolidation of its major subsidiaries. “The group’s priority is to complete the consolidation of different subsidiaries,” Welch Lin (林維俊), president of the nation’s fourth-largest financial conglomerate by assets, told reporters during its first earnings briefing since the merger took effect on July 24. The asset management units are scheduled to merge in November, followed by life insurance in January next year and securities operations in April, Lin said. Banking integration,
LOOPHOLES: The move is to end a break that was aiding foreign producers without any similar benefit for US manufacturers, the US Department of Commerce said US President Donald Trump’s administration would make it harder for Samsung Electronics Co and SK Hynix Inc to ship critical equipment to their chipmaking operations in China, dealing a potential blow to the companies’ production in the world’s largest semiconductor market. The US Department of Commerce in a notice published on Friday said that it was revoking waivers for Samsung and SK Hynix to use US technologies in their Chinese operations. The companies had been operating in China under regulations that allow them to import chipmaking equipment without applying for a new license each time. The move would revise what is known
Artificial intelligence (AI) chip designer Cambricon Technologies Corp (寒武紀科技) plunged almost 9 percent after warning investors about a doubling in its share price over just a month, a record gain that helped fuel a US$1 trillion Chinese market rally. Cambricon triggered the selloff with a Thursday filing in which it dispelled talk about nonexistent products in the pipeline, reminded investors it labors under US sanctions, and stressed the difficulties of ascending the technology ladder. The Shanghai-listed company’s stock dived by the most since April in early yesterday trading, while the market stood largely unchanged. The litany of warnings underscores growing scrutiny of
RSS