The Securities and Exchange Commission yesterday disclosed that its EDGAR system for filings and reports was hacked in 2016 and that hacked non-public data may have been used as a basis for insider trading. The agency attributed the breach to a software vulnerability in the test filing component of EDGAR — short for Electronic Data Gathering, Analysis and Retrieval — which SEC-registered companies use to file statements and reports.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,” said SEC Chairman Jay Clayton, who noted that the breach was detected in 2016 but that the illicit trades were not discovered until August 2017. “Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities.”