Article

SEC Hack: Wall Street’s Top Regulator Breached

Topic: Business NetworkingBy Michael PetersPublished Recently added
No ratings yet1,044 viewsSign in to rate
The SEC hack has pitched the international finance world into turmoil as Wall Street's top regulator admits to not having secured its own systems. Move over, Equifax; the SEC hack may have just stolen your thunder. Less than two weeks after Equifax disclosed that it had been breached, compromising the personal information of half of America, the U.S. Securities & Exchange commission admitted to a 2016 attack on its EDGAR database. Because EDGAR is used to disseminate company news and data to investors, the likely goal of the SEC hack was insider trading. ZDNet reports:[The] SEC said the Edgar filing system data breach took place in 2016, but it is not yet known which companies may have been affected -- or how much the hacker profited. Edgar processes roughly 1.7 million electronic filings per year. The hacker was able to take advantage of a "software vulnerability in the test filing component" of Edgar, which "resulted in access to nonpublic information." It gets even better; during the internal audit that brought the SEC hack to light, it was also discovered that SEC staff members were using “private, unsecured email accounts to transfer confidential information.” The SEC has been bending over backwards to downplay the seriousness of the breach. Among other things, the agency stated it doesn’t “believe” any personal identifying information was compromised. Well, that’s reassuring. After all, data breaches never turn out to be far more extensive than originally reported, do they? Let this one sink in: The very agency in charge of enforcing cyber security on Wall Street, the same agency that called cyber attacks “the greatest threat to our [financial] markets,” issued a special risk bulletin after the WannaCry attacks, and very recently implied a greater emphasis on cyber security enforcement moving forward, cannot protect its own data. In fact, it turns out that the SEC itself has been warned about potential cyber security vulnerabilities for years; in January, the U.S. Department of Homeland Security found five “critical weaknesses” on SEC computers. By the way, as of this writing, nobody has any earthly idea whether those “critical weaknesses” were ever addressed, or if they played a role in the SEC hack – although the agency pinky-swore that it “promptly” patched the software vulnerability it claims led to the breach. Congress isn’t having it. They’re hauling SEC chairma Jay Clayton in front of the Senate Banking Committee. Wall Street investors and the international finance world are chewing their finge ails, especially since the SEC was poised to begin rolling out CAT, a brand-new trading history database, in November. CNBC has called CAT “the biggest financial data base ever assembled.” If the SEC couldn’t secure EDGAR, how can they be trusted with CAT? Isn’t Anyone Practicing Proactive Cyber Security and GRC Anymore? There’s an awful lot we don’t yet know about the SEC hack. We don’t know what “software vulnerability” the SEC is referring to. We don’t know who perpetrated the hack, how long they were in the SEC’s systems, or when the attack happened, other than it was sometime in 2016, and the agency didn’t figure it out until last month. We don’t know what data was stolen, other than it consisted of “nonpublic information.” We also don’t know if the hackers stopped with EDGAR or if they used the database as a foot in the door to penetrate other sections of the SEC’s network. From the information we do have, we can surmise that the SEC engaged in some of the same shenanigans as Yahoo (which ignored cyber security warnings for years), Sony Pictures and the DNC (both of which transmitted confidential information through private, unsecured email), and Equifax (which waited for nearly two months to disclose a very serious breach). We also know that proactive governance, risk, and compliance protocols prevent incidents like the SEC hack, the Equifax breach, email hacks, and the AWS hacks that are now being disclosed nearly daily. While these hacks are serious and far-reaching, from a technical standpoint, they are usually very simple and stem from companies having zero control over their data, who has access to it, and where and how it is being transmitted and stored. Data governance, risk management, and compliance with applicable data security standards are the foundation of proactive cyber security. If you don’t want your company to be the next Equifax or SEC, start with getting back to GRC fundamentals.

Article author

About the Author

Michael Peters is the CEO of Lazarus Alliance, Inc., the Proactive Cyber Security™ firm, and Continuum GRC. He has served as an independent information security consultant, executive, researcher, and author. He is an internationally recognized and awarded security expert with years of IT and business leadership experience and many previous executive leadership positions. He has contributed significantly to curriculum development for graduate degree programs in information security, advanced technology, cyberspace law, and privacy, and to industry standard professional certifications. He has been featured in many publications and broadcast media outlets as the “Go-to Guy” for executive leadership, information security, cyberspace law, and governance.

Further reading

Further Reading

4 total

Article

Introduction There was a time when the call center was seen as a place where phones rang endlessly and agents simply answered questions. That picture has changed dramatically. Today the modern call center sits at the center of customer experience, quietly coordinating returns, managing fulfillment concerns, and shaping how customers feel about every interaction with a brand. Instead of reacting to problems, teams now guide customers through complex journeys. Their role has gr

February 6, 2026

Article

In today’s financial landscape, credit scores play a major role in determining access to loans, housing, and even employment opportunities. For individuals facing late payments, collections, or inaccurate credit reports, rebuilding credit can feel overwhelming. This is why many people turn to professional services for guidance. Among the growing number of Credit Repair Companies in Houston and providers offering Credit Repair San Antonio solutions, White Jacobs continues to

February 6, 2026

Article

Choosing the right POS terminal is more important now than ever. With customer expectations rising and payment methods changing quickly, businesses need a device that works fast, stays secure, and handles different payment types. The PAX A30 is a popular Android POS terminal that has gained attention for its modern design and strong features. In this review, we look at how well it performs in real life, what makes it stand out, and whether it can truly be called the best Andr

January 17, 2026

Article

Installing a rack mount server cabinet is an important task for anyone setting up a server room or a data center. These cabinets are designed to hold servers, networking devices, and other hardware safely and in an organized way. A well-planned installation helps improve airflow, manage cables neatly, and secure equipment, which makes the server room safer and more efficient. Whether you’re setting up a small office server or a larger business data center, knowing how to in

January 16, 2026