According to The Wall Street Journal, news that the US Securities and Exchange Commission’s electronic filing system was hacked is raising concerns of what rogue traders may do if they gained market-moving information before the news went public. This week, the SEC disclosed that that its Electronic Data Gathering, Analysis, and Retrieval System (EDGAR), which stores public company filings, was hacked last year.
While the breach was noticed in 2016, regulators were not made aware that illicit trading could become a repercussion until last month. The majority of the commissioners reportedly didn’t know the hack had occurred until “recent days.” It wasn’t until SEC Chairman Jay Clayton launched a review of the agency’s “cybersecurity vulnerabilities” this Spring that the extent of the hack became clear.
The WSJ reports that according to market veterans, there are several ways in which intruders could trade using the nonpublic information available through Edgar. Companies usually submit earnings filings in advance of them become public knowledge and it is during this time, before market release, when a rogue trader could strike. Another potential target for hackers might be the 8-K form, used by companies to disclose big events, including acquisitions, not yet disclosed medical trials, and other potentially market moving information. 13-D filings submitted by investors with a greater than 5% position in a company—this is information that could generate investor interest—could also be a target.
The SEC’s disclosure statement about the hack didn’t say when it actually happened or what information the hackers accessed. Perpetrators were reportedly able to get in through a software vulnerability found in EDGAR’s test filing component. That vulnerability has since been patched. The regulator said that it did not think the hack allowed the intruders to gain access to information that was “personally identifiable” nor did it cause “systemic risk” or place the SEC’s operations in peril.
Our securities fraud lawyers work with investors that have sustained losses due to fraud, negligence, or wrongdoing. Contact us at Shepherd Smith Edwards and Kantas, LTD LLP today.
Statement on Cybersecurity, SEC, September 20, 2017