The U.S. Securities and Exchange Commission displayed how vulnerable government agencies are to cyberattacks when it disclosed last week that hackers had breached its database. The hackers were able to get into the SEC’s corporate filing system, which is called Edgar. The filing system is used by companies to make disclosures that are legally required. For example, companies can use Edgar to file quarterly earnings or disclose statements on mergers and acquisitions before they are made public. This electronic database of market-moving corporate announcements was targeted by hackers because the confidential information in Edgar allowed hackers to turn a profit.
The cyber attackers were able to exploit a software vulnerability in the test filing component of Edgar. The SEC learned of the data breach last year, the same year that the incident occurred. However, the SEC didn’t determine that the hackers used the stolen data to make illicit trades until August of this year. The SEC immediately patched the security gap when it was discovered, but by this time the hackers had already seen confidential information. It is not yet known which companies may have been affected by the hackers’ insider trading.
Back in July, the Government Accountability Office released a report that found security gaps in the SEC’s information systems. The GAO also found that the vulnerabilities limited the effectiveness of the SEC’s ability to protect confidentiality and integrity. The report also said that the SEC failed to consistently encrypt sensitive information.
SEC Chairman Jay Clayton says that the agency is still reviewing the breach, but it is coordinating with authorities as well. The SEC still does not know exactly how much the hackers made in profits from this breach.
The news of the breach at the SEC comes after Equifax disclosed earlier this month that the personal information of 143 million Americans was compromised by hackers. The breach at Equifax will affect 44% of the U.S. population. Due to this breach, consumers are growing distrustful of financial institutions and government agencies that claim to protect sensitive information. To prevent a data breach, below are a few steps that government agencies can take:
The data breach at the SEC shows how vital cybersecurity software is to government agencies. With endpoint management software, government agencies can uncover vulnerabilities, remediate security gaps, and identify unauthorized users. As government agencies become a key target for cyber attackers, Endpoint Management Solution can help keep confidential data secure.