WASHINGTON/SAN FRANCISCO--Hackers breached the U.S. Securities and Exchange Commission's computer system last year by taking advantage of companies that used authentic financial data when they were testing the agency's corporate filing system, according to sources familiar with the matter.
The Federal Bureau of Investigation and the U.S. Secret Service have since launched an investigation into a 2016 hack into the SEC'S EDGAR system, several of those people said. The sources spoke anonymously because it is not a public investigation.
The SEC's EDGAR system is a crucial network used by companies to file earnings reports and other material information. Spokesmen for the FBI, the Secret Service and the SEC all declined to comment, saying they could neither confirm nor deny the existence of an investigation.
The breach occurred in October 2016 and was detected that same month. The attack appeared to have been routed through a server in Eastern Europe, according to an internal government memo describing the incident, which was seen by Reuters. There was no evidence at the time that data had been improperly retrieved, according to one source familiar with the matter, and the issue was handled internally by the SEC's Office of Information Technology.
Only after the SEC's Enforcement Division detected a pattern of suspicious trading ahead of company public disclosures did officials go back to the agency's technology staff and ask if some companies were using authentic data when they were testing the EDGAR system, one of the people said. The person said that "not many companies" had submitted real data that is believed to have been hacked.
The test process “is for people to submit test filings to ensure that they format correctly and don’t have submission errors," the person said. "They normally use that right before they file their normal reports. They are supposed to use dummy data," the person said. "However, it is still supposed to be protected the same way in case they do something stupid. A couple companies did, and it wasn’t protected properly.”
SEC Chairman Jay Clayton was to confirm the enforcement division's ongoing investigation when he testifies Tuesday before the Senate Banking Committee, according to prepared testimony reviewed by Reuters.
He has also asked the SEC's Office of Inspector General to investigate the intrusion itself, the scope of non-public information that was stolen and how the SEC responded to the incident, which he said was properly reported to the Department of Homeland Security's Computer Emergency Readiness Team.
The FBI's investigation, which is being led out of New Jersey, is focusing specifically on the trading activity in connection with the breach, according to several sources. One possibility the FBI is considering is that the SEC breach was connected to a group of hackers that intercepted electronic corporate press releases in a previous case which the FBI in New Jersey helped investigate, several of the sources said.
In that case, federal prosecutors in the New York borough of Brooklyn and New Jersey, as well as the SEC, charged an alliance of stock traders and suspected computer hackers based in the United States and Ukraine.
