WASHINGTON/SAN FRANCISCO (Reuters) - Hackers breached the U.S. Securities and Exchange Commission’s computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency’s corporate filing system, according to sources familiar with the matter.
The Federal Bureau of Investigation and the U.S. Secret Service have since launched an investigation into a 2016 hack into the SEC‘S EDGAR system, several of those people said.
The sources spoke anonymously because it is not a public investigation.
The SEC’s EDGAR system is a crucial network used by companies to file earnings reports and other material information.
Spokesmen for the FBI, the Secret Service and the SEC all declined to comment, saying they could neither confirm nor deny the existence of an investigation.
The breach occurred in October 2016 and was detected that same month. The attack appeared to have been routed through a server in Eastern Europe, according to an internal government memo describing the incident, which was seen by Reuters.
There was no evidence at the time that data had been improperly retrieved, according to one source familiar with the matter, and the issue was handled internally by the SEC’s Office of Information Technology.
Only after the SEC’s Enforcement Division detected a pattern of suspicious trading ahead of company public disclosures did officials go back to the agency’s technology staff and ask if some companies were using authentic data when they were testing the EDGAR system, one of the people said.
The person said that “not many companies” had submitted real data that is believed to have been hacked.
Read more here: www.reuters.com/article/legal-us-sec-cyber/sec-hackers-accessed-authentic-data-used-by-companies-in-tests-sources-idUSKCN1C031K