US financial regulator says it was hacked in 2016

Washington (AFP) –


The US Securities and Exchange Commission was the victim of a hacking attack in 2016 and the perpetrators may have been able to profit from ill-gotten information, the agency announced.

In a press release late Wednesday, the top US financial regulator said that "in August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading."

"I recognize that even the most diligent cybersecurity efforts will not address all cyber risks that enterprises face," SEC Chairman Jay Clayton said in an accompanying statement.

"That stark reality makes adequate disclosure no less important. Malicious attacks and intrusion efforts are continuous and evolving, and in certain cases they have been successful at the most robust institutions and at the SEC itself," he said.

The attack targeted the SEC's EDGAR database which contains documents from publicly traded companies such as earnings statements and corporate transactions.

A "software vulnerability" was quickly fixed after the intrusion was discovered, but the hackers had already been able to access "nonpublic information," the SEC said.

The agency added that the hack did not compromise personally identifiable information or result in any "systemic risk" for the functioning of financial markets.

The news comes after the American firm Equifax announced two weeks ago that it was the victim of a hacking attack that compromised the personal data of more than 140 million Americans, four hundred thousand Britons and a hundred thousand Canadians -- one of the worst-ever breaches of personal data.

Equifax collects consumers' financial data in order to rate their credit-worthiness to banks, home sellers, auto sellers and others.