The market regulator revealed that its electronic database was hacked in 2016. However, the commission learned that the breach could have been exploited for illicit trading only a month ago.
When asked what kind of information the commission stores, how important it is and what ramifications this security breach may have in the long term, Stephen Neville said that the SEC deals with financial data submitted by public companies.
Regarding the steps the SEC was going to take as an agency to make sure that no such things ever happen again, he said that all modern organizations need to update their security protocols to keep pace with the ever-changing methods used by hackers.
“The focus of cybercrimes is now to convert these attacks into money; it focuses on high-value targets such as data bases, credit card numbers, and personal identity data that can be very attractive to them, etc. So this is an ongoing challenge for organizations,” he added.
When asked what he would recommend to financial services companies, which have recently faced an increase in cybercrime activity, to best protect themselves, Neville said that they should review their security arrangements, regularly update their processors, etc.
Meanwhile, the SEC chairman Jay Clayton said that a review of the cyber-attack is underway.
He added that the hack occurred due to a software vulnerability within the agency’s databases.
The SEC owns datasets of sensitive and confidential information that could be used for insider-trading or manipulating US equity markets.