SEC under fire for being hacked despite warnings on security

The federal agency responsible for ensuring markets function properly and protecting investors is under fire after disclosing its computer system was hacked despite repeated warnings about deficiencies in its cybersecurity measures.

The Securities and Exchange Commission said late Wednesday it discovered a breach to its corporate filing system last year but only became aware last month information obtained by the attackers may have been used for illegal trading gains.

The agency did not explain why the initial hack was not revealed sooner or which individuals or companies may have been affected. The disclosure arrived two months after a government watchdog said deficiencies in the SEC's filing system put the system and the information it contains at risk.

The hack was disclosed by SEC chairman Jay Clayton in a statement posted to the agency's website and comes two weeks after the credit agency Equifax revealed a cyberattack there had exposed highly sensitive personal information of 143 million people.

Clayton is scheduled to appear Tuesday before the Senate Banking Committee.

Democratic Sen. Mark Warner of Virginia, a member of the committee, said in a statement Thursday the disclosures by the SEC and Equifax show "that government and businesses need to step up their efforts to protect our most sensitive personal and commercial information."

In a statement, Clayton said a review of the agency's cybersecurity-risk profile determined the previously detected incident was caused by "a software vulnerability" in its filing system known as EDGAR, short for Electronic Data Gathering, Analysis and Retrieval system.

EDGAR processes more than 1.7 million electronic filings in any given year. Those documents can cause enormous movements in the market, sending billions of dollars in motion in fractions of a second.

Clayton said the SEC has been conducting an assessment of its cybersecurity since he took over as chairman in May.