https://www.bloomberg.com/news/arti...edgar-may-have-led-to-illicit-trading-profits By Benjamin Bain and Matt Robinson September 21, 2017, 9:07 AM EDT " The vulnerability of governments and businesses to cyberattacks was exposed again Wednesday when a top U.S. financial regulator said hackers had breached its electronic database of market-moving corporate announcements, and may have profited from the information they stole. statement. While the SEC has been aware of the breach since 2016, it wasn’t until last month that the agency concluded that the cybercriminals involved may have used their bounty to make illicit trades. The regulator disclosed the intrusion for the first time Wednesday. Edgar houses millions of filings on corporate disclosures ranging from quarterly earnings to statements on mergers and acquisitions. Infiltrating the SEC’s system to review announcements before they are released publicly would serve as a virtual treasure trove for a hacker seeking to make easy money. SEC Chairman Jay Clayton said the agency’s review of the breach is ongoing and that it’s “coordinating with the appropriate authorities.” ‘Everyone Vulnerable’ The SEC’s disclosure comes just two weeks after credit-reporting company Equifax Inc. said it had been a victim of a hack that may have led to the theft of personal data on 143 million Americans. With the public and lawmakers still reeling from Equifax’s breach, the SEC intrusion is almost certain to trigger additional questions over whether the U.S. government can do more to protect data. "This hack illustrates that protecting against hackers isn’t as easy as the government sometimes expects of companies,” said Bradley Bondi, a former SEC attorney now in private practice. “Everyone is vulnerable at any time." The SEC didn’t say which companies may have been impacted by the 2016 intrusion. Chris Carofine, a spokesman for Clayton, declined to comment when asked what type of information was improperly accessed. The breach occurred because of a software vulnerability in Edgar, the SEC said in its statement. While the weakness was “patched promptly after discovery,” it still resulted in hackers gaining access to nonpublic information, according to the agency. Security Concerns The SEC discussed the 2016 hack in a lengthy statement by Clayton on the agency’s cybersecurity efforts. He described some of the threats and data that the agency routinely handles, its role in policing the online world, and how it coordinates with other federal agencies. While the SEC handles non-public drafts of rules and personally-identifiable information, it said it doesn’t believe the breach led to unauthorized access of that type of data, endangered the operations of the agency, or resulted in “systemic risk.” Still, Wednesday’s disclosure may heighten concerns around the Consolidated Audit Trail, an enormous database of equity trades that is being built to give regulators better transparency into markets and help them figure out more quickly the causes of disruptions. Financial firms have expressed concern about data breaches once the new database is completed. The repository could include personal information such as names and addresses from more than 100 million customer accounts. The SEC has had other issues with Edgar, including people posting phony takeover offers and other hoaxes on the system that have temporarily driven up companies’ share prices. A number of filings are immediately posted on Edgar when they are submitted to the database, so it’s unclear what kind of information is kept non-public that could be a target for hackers. ‘Substantial Risks’ The SEC said it has been conducting an assessment of its cybersecurity since Clayton took over as chairman in May. The former Wall Street deals lawyer has discussed cyberrisks on multiple occasions in the context of the threats public companies face and their responsibilities to protect themselves. The SEC regulates what companies must disclose to shareholders about breaches. Last week, in response to a reporter’s question about the fallout from the recent Equifax hack, Clayton said the agency was working to increase public awareness of the “substantial systemic risks” associated with cybersecurity. The data stolen from Equifax included Social Security numbers, drivers license information and birth dates. Banks rely on the information that Equifax and other credit-reporting companies provide in determining whether consumers should get loans. "
Makes me wonder how much of this "hacking" is occurring in the corporate world that we "do not" hear about involving CEOs, board members and such. Thus, if they were hacked...would they bother to tell anyone or maybe they'll most likely not even know they were hacked and someone is profiting from the info.
I have gotten some errors on EDGAR that made me question how secure it was. Only a matter of time and could have been going on for years by others if they were smart enough not to be greedy and blend it in with other trading to avoid the suspicious activity screens.
When do you think their going to start hacking the Brokerage Accounts and Exchanges, we all know its gonna happen but when?
That's a little akin to saying "There's a gang hitting the local libraries, we all know they're gonna hit the banks next, it's just a matter of when". EDGAR was archaic, as all of us who ever used it know. Heck the hackers probably broke in a year ago but had to spend 6 months teaching themselves COBOL before they could actually understand the codebase. Security was clearly an afterthought and it was a very soft target. Brokers and the exchanges have entire teams working on this plus auditors to evaluate those efforts. I'm sure a couple will end up hacked just like people still rob banks, but like banks they're a hard target to start with and even if you did pull off a successful hack it's still hard to extract anything from it without getting caught, especially given the level of attention it will receive.
That's already happened at "many" brokerages. Most have stated just account information was accessed but funds were not impacted. Others say that when the hack occurred...unauthorized trade transactions occurred. I know as of 2015, most firms didn't have any guarantees in place for hacked accounts where transactions occurred. Many put the responsibility on the client to discover any unauthorized transactions including "funds transfer" and they have a timeline for doing such...like 30 days. If its a large amount of money, they will look into your online habits, password use, log-in locations to determine if your online habits were "safe". I remember reading an online article about this with either CNBC, Forbes or Marketwatch...something like that. Don't share anything with anyone. If something does go wrong and they discover you've shared something...you won't be reimbursed. http://www.marketwatch.com/story/hacked-this-is-what-the-top-5-brokers-will-do-for-you-2015-10-27
This is a big deal. There could've been thousands of illicit trades in the markets before they found out.
What you hear and see on the news and on media sites is just the tip of the iceberg...things usually run DEEP` More than meets the eye. Nothing really surprises me anymore.
Well you can't lose a lot of money without it showing up on the financials and you can't have customers lose a lot of money without it showing up places like here. They don't pay the all the employees there that touch the financials enough to put their life in legal jeopardy falsifying financials to cover a hack.