SEC Discloses Hackers Penetrated EDGAR, Profited in Trading

Chris Woodyard, writing for USA Today: Hackers made their way into the Security and Exchange Commission's EDGAR electronic filing system last year, retrieving private data that appear to have resulted in "an illicit gain through trading," the agency said. It was only in August that the commission learned that hackers may have been able to use their illegal activities to make ill-gotten gains through market trading, said Chairman Jay Clayton in a lengthy statement posted on the SEC's website. EDGAR, which stands for Electronic Data Gathering Analysis and Retrieval, is considered critical to the SEC's operation and the ability of investors to see the electronic filings of companies and markets. The SEC says about 50 million documents are viewed through EDGAR on a typical day. It receives about 1.7 million filings a year.

Assumption

[Archangel+Michael]

Lets just assume that everything has been hacked, and proceed from there.

Because if it hasn't been hacked, then it will be. And if you think you haven't been hacked, you probably already have been.

This is the safest assumption of all, and is more than likely to be accurate at some point.

Accountants

[fluffernutter]

This will just get worse and worse until organizations understand that technology is as important to their business plan as proper accounting, lawyers and paying shareholders. Up until now it seems to be an afterthought, glommed on and budgeted like office supplies.

Re:Accountants

[Archangel+Michael]

This will get worse and worse until the people who are supposedly guarding the data get financially destroyed when any breach occurs, and we can start locking up hackers. And since hackers can more or less remain anonymous, locking them up is hardly a deterrent when any script kiddy can hack any system from Mom's basement.

Re: Accountants

[nehumanuscrede]

They like to use cost as an excuse for poor security. Cheapest hardware, outsourced IT personnel, and always slashing of the IT budgets. Security isn't an investment in their eyes, it's an expense. Is why they all like " The Cloud " because it offloads that responsibility onto anothers shoulders.

Not enough forward thinking to understand what happens to their stock price and / or litigation flooding when a serious breach goes public due to their negligence disguised as " cost savings ".

Start jailing the executives of these companies and they'll start taking things more seriously.

Re:Accountants

[Rob+Riggs]

The information security professionals should define security standards, security auditing standards, and security reporting standards, much like we have in the financial realm, for all publicly traded companies. And they should lobby the SEC and Congress to mandate that these be filed with them just like quarterly financial statements. Actually, its far more likely that we can get the Europeans on board with this, and then it will eventually trickle down to the US.

My bet

[fubarrr]

I bet that what they are talking about refers to people being able to see company's statements earlier than their nominal publication date. No hacking was required, that just had to make up a URL parameter

Mattresses and buried coffee cans

[Rick+Schumann]

Are we approaching the point where the only way your money and valuable personal information is only safe if it's stuffed under your mattress or buried in a coffee can in your yard somewhere? i'm only half kidding.

Re:Mattresses and buried coffee cans

[torkus]

Two people can keep a secret if one of them is dead, and the other doesn't have internet.

Re:Aren't filings on edgar public?

[chill]

Not everything in EDGAR is public. Some items are submitted to EDGAR in advance of actions, and aren't released to the public until later, on a set schedule.

Those items can be used for frontrunning trades, and are essentially "insider information".