SEC Discloses Hackers Penetrated EDGAR, Profited in Trading

Chris Woodyard, writing for USA Today: Hackers made their way into the Securities and Exchange Commission's EDGAR electronic filing system last year, retrieving private data that appear to have resulted in "an illicit gain through trading," the agency said. It was only in August that the commission learned that hackers may have been able to use their illegal activities to make ill-gotten gains through market trading, said Chairman Jay Clayton in a lengthy statement posted on the SEC's website. EDGAR, which stands for Electronic Data Gathering, Analysis, and Retrieval, is considered critical to the SEC's operation and the ability of investors to see the electronic filings of companies and markets. The SEC says about 50 million documents are viewed through EDGAR on a typical day. It receives about 1.7 million filings a year.

  • Assumption (Score:3)

    by Archangel Michael ( 180766 ) on Thursday September 21, 2017 @10:57AM (#55238391) Journal

    Let's just assume that everything has been hacked, and proceed from there.

    Because if it hasn't been hacked, then it will be. And if you think you haven't been hacked, you probably already have been.

    This is the safest assumption of all, and is more than likely to be accurate at some point.

  • Accountants (Score:3)

    by fluffernutter ( 1411889 ) on Thursday September 21, 2017 @10:58AM (#55238393)
    This will just get worse and worse until organizations understand that technology is as important to their business plan as proper accounting, lawyers and paying shareholders. Up until now it seems to be an afterthought, glommed on and budgeted like office supplies.

    • This will get worse and worse until the people who are supposedly guarding the data get financially destroyed when any breach occurs, and we can start locking up hackers. And since hackers can more or less remain anonymous, locking them up is hardly a deterrent when any script kiddy can hack any system from Mom's basement.

      • Actually, the solution is probably to start locking up executives of companies who are found to be negligent in their data protection responsibilities.

    • Re: (Score:1)

      by gidzero ( 535462 )
      Until we realize that building secure systems is actually really hard, and we can't just glob on security. There is more to security than making sure systems are updated regularly, audits are performed, and absurd password requirements are met. The GAO report on the SEC's systems (https://www.gao.gov/assets/690/686192.pdf) had these 2 recommendations: (1) Maintain up-to-date network diagrams and asset inventories in the system security plans for GSS and a key financial system to accurately and completely

  • Commander Adama in BSG had the solution to all of this! Pull the plug on the network connection!

  • What could a trader gain by hacking into it?

    • Re: (Score:3)

      by chill ( 34294 )

      Not everything in EDGAR is public. Some items are submitted to EDGAR in advance of actions, and aren't released to the public until later, on a set schedule.

      Those items can be used for frontrunning trades, and are essentially "insider information".

  • My bet (Score:3)

    by fubarrr ( 884157 ) on Thursday September 21, 2017 @11:14AM (#55238475)

    I bet that what they are talking about refers to people being able to see companies' statements earlier than their nominal publication date. No hacking was required; they just had to make up a URL parameter.
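
The scenario this comment bets on, combined with the earlier point in the thread that some filings are held until a scheduled release, comes down to whether the server enforces the release time itself instead of relying on an unpublished URL. The sketch below is an added example, not part of the thread and not SEC code; the filing IDs, release schedule, log format and function names are all constructed assumptions. It shows the server-side gate and a log check that flags any filing served before its release time.

```python
from datetime import datetime, timezone

# Constructed sample data: filing ID -> scheduled public release time (UTC).
RELEASE_SCHEDULE = {
    "F-1001": datetime(2017, 9, 20, 12, 0, tzinfo=timezone.utc),
    "F-1002": datetime(2017, 9, 22, 12, 0, tzinfo=timezone.utc),
}

# Constructed access-log lines: ISO timestamp, client, requested filing ID, HTTP status.
SAMPLE_LOG = """\
2017-09-21T10:00:00+00:00 10.0.0.5 F-1001 200
2017-09-21T10:01:00+00:00 10.0.0.7 F-1002 200
2017-09-21T10:02:00+00:00 10.0.0.7 F-9999 404
2017-09-22T12:30:00+00:00 10.0.0.5 F-1002 200
"""


def may_serve(filing_id, now, is_filer=False):
    """Server-side gate: knowing the ID or URL is never sufficient on its own.

    A filing is served only after its scheduled release, or earlier to the
    authenticated filer (is_filer is assumed to come from a real session check).
    """
    release = RELEASE_SCHEDULE.get(filing_id)
    if release is None:
        return False  # unknown ID: deny without revealing anything
    return is_filer or now >= release


def early_access_hits(log_text):
    """Return (timestamp, client, filing_id) for each request that was
    answered with 200 before the filing's scheduled release time."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, filing_id, status = parts
        release = RELEASE_SCHEDULE.get(filing_id)
        if status == "200" and release is not None:
            if datetime.fromisoformat(ts) < release:
                hits.append((ts, client, filing_id))
    return hits
```

Running the detector over historical logs is also a quick way to scope exposure after such a gap is found, since every hit is a pre-release disclosure with a timestamp and client attached.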

  • Are we approaching the point where your money and valuable personal information are only safe if they're stuffed under your mattress or buried in a coffee can in your yard somewhere? I'm only half kidding.

