SEC hack is ‘bigger’ than Equifax, cybersecurity expert says

As consumers struggle to wrap their heads around the Equifax breach that affected 143 million Americans, the SEC announced Wednesday its electronic filing system was breached and one cybersecurity expert says these incidents are just the tip of the iceberg.

“From a cybersecurity perspective we thought that Equifax … was a big deal. Now two weeks later, we have a bigger deal,” Mark Grossman, a tech lawyer with Tannenbaum Helpern, told FOX Business.

Part of the problem, Grossman said, is that punishments for cybercrime may be too lax. The other issue is that we still don’t know who is behind these hacks.

“[Cybercrime is] just exploding for lots of reasons, not the least of which is that you have to assume that [some of] these [incidents] have state actors like North Korea, Russia and China behind them,” he said. “What if the bad guy is a government? … We don’t even have a hint yet who’s behind [these hacks].”

In the case of the SEC, trillions of dollars could arguably be at stake. The particular system that was breached, the EDGAR system, stores filings from publicly traded companies. The SEC said that investors generally have access to more than 50 million pages of documents through the system that processes more than 1.7 million filings each year.

It proves “even the government is hackable,” Grossman said.

While the SEC didn’t offer much information beyond saying the hackers could have used the information to obtain illegal trading profits, it cautioned that hackers may target the EDGAR system to place fraudulent filings in the system, prevent the public from accessing the system and compromise the credentials of authorized users.

A man was arrested in May for filing a false tender on EDGAR to acquire all outstanding Fitbit shares at what was, at the time, a significant premium to the existing market value. The sham tender, according to the Department of Justice press release, resulted in the manipulation of the market by more than $100 million. The suspect, who was arrested, attempted to illegally manipulate the market price in order to profit at the expense of the public.

The SEC did not say in the release whether this incident, which occurred in 2016, was connected to the breach. The SEC also declined FOX Business’ request for comment.