The U.S. Securities and Exchange Commission (SEC), Wall Street’s top market regulator and watchdog, said late Wednesday that one of its systems was breached last year, a situation that a cybersecurity expert warns can impact "trillions of dollars."
“It’s the same issue as Equifax, they are supposed to be the guardians of trusted information,” cybersecurity expert Morgan Wright told FOX Business. “[Like Equifax is the Fort Knox for individuals’ information] … the SEC is the Fort Knox for the companies, they hold all the gold, they hold all the most sensitive secrets.”
Trust might be eroded at both Equifax and the SEC, but the SEC will take part in regulating what happens to Equifax while it had some serious software vulnerabilities of its own that could potentially have been used to manipulate the markets.
“Who watches the watchers?” Wright asked. “[This is] insidious … you could alter data, change things. How could you ever get back to the point … [where people can] trust the information [they] have in there?”
SEC chair Jay Clayton mentioned late Wednesday, in a lengthy statement, that the EDGAR system was breached in 2016, which it says was discovered in August of 2017 but was “previously detected.” The commission said hackers exploited a software vulnerability and gained access to nonpublic information. Unlike the massive Equifax hack, which potentially compromised the information of 143 million Americans, the SEC alleged its breach did not jeopardize personally identifiable information. The committee also says the hackers did not alter the SEC’s operations or cause a systemic risk.
The particular system that was breached, the EDGAR system, stores filings from publicly traded companies. The SEC said that investors generally have access to more than 50 million pages of documents through the system that processes more than 1.7 million filings each year.
While the SEC didn’t offer much information beyond saying the hackers could have used the information to obtain illegal trading profits, it cautioned that hackers may target the EDGAR system to place fraudulent filings in the system, prevent the public from accessing the system and compromise the credentials of authorized users.
“You could use the information to make trades, acquisitions or adverse filings … It’s like being an outsider with insider information,” Wright said.
As Wright pointed out, a man was arrested in May for filing a false tender on EDGAR to acquire all outstanding Fitbit shares at what was, at the time, a significant premium to the existing market value. The sham tender, according to the Department of Justice press release, resulted in the manipulation of the market by more than $100 million. The suspect, who was arrested, attempted to illegally manipulate the market price in order to profit at the expense of the public.
The SEC did not say in the release whether this incident, which occurred in 2016, was connected to the breach. The SEC also declined FOX Business’ request for comment.