Hack of SEC rattles investors

WASHINGTON - Wall Street's top regulator came under fire on Thursday about its cyber security and disclosure practices after admitting hackers had breached its database of corporate announcements in 2016 and may have used it for insider trading.

The breach involved Securities and Exchange Commission's Edgar filing system, which houses market-moving information with millions of filings ranging from quarterly earnings to statements on acquisitions.

The SEC said Wednesday evening it discovered last month that cyber criminals may have used a hack detected in 2016 to make illicit trades.

SEC Chairman Jay Clayton gave members of Congress a 'courtesy call” about the hack on Wednesday afternoon before it was announced publicly, said Rep. Bill Huizenga, chairman of the U.S. House subcommittee that oversees the SEC.

'It's hugely problematic and we've got to be serious about how we protect that information as a regulator,” Huizenga said.

The SEC disclosure came two weeks after credit-reporting company Equifax said a breach has exposed sensitive personal of data up to 143 million U.S. customers, and follows last year's cyber attack on SWIFT, the global bank messaging system.

It is particularly embarrassing for the SEC and its new boss Clayton, who has made tackling cyber crime one of the top enforcement issues.

'The chairman obviously recognizes the irony of the SEC potentially serving as the unwitting tipper in an insider-trading scheme,” said John Reed Stark, president of a cyber consulting business and a former SEC staff member.

The SEC has said it was investigating the source of the hack, but it did not say exactly when it happened or what sort of non-public data was retrieved. The agency said the attackers had exploited a weakness in a part of the Edgar system and it had 'promptly” fixed it.

Most reports filed with the SEC 'generally don't contain supersensitive information,” and any insider trading would have taken place soon after company filings were made but before they were released to the public, said Gary LaBranche, president of National Investor Relations Institute.