SEC hackers accessed individuals' personal information: Chairman Clayton

U.S. Securities and Exchange Commission Chair Jay Clayton said Monday that the personal information of at least two individuals was compromised as a result of the cyberattack announced in September.

The agency said the ongoing investigation into the hack, which occurred in 2016, revealed that unauthorized third parties accessed names, birth dates and the Social Security numbers of two individuals.

“Chairman Clayton was informed by staff of this new information this past Friday, and staff are reaching out to the two individuals to notify them and offer to provide them with identity theft protection and monitoring services,” a statement released Monday read. “Should the agency’s review uncover additional such individuals whose sensitive information may have been accessed, the staff will contact them and offer them identity protection and monitoring as well.”

In its initial statement, the SEC said no personal information had been compromised in the breach of its Edgar system that could have jeopardized trillions of dollars in wealth. The Edgar system stores filings from publicly traded companies. The SEC said that investors generally have access to more than 50 million pages of documents through the system that processes more than 1.7 million filings each year.

The SEC said hackers could have used the insider information they gained from the breach to obtain illicit trading profits.

Clayton said it would take a “substantial” amount of time to complete reviews and investigations into the incident.