SEC discloses hack of Edgar system in 2016

Securities and Exchange Commission Chairman Jay Clayton in a statement late Wednesday on cybersecurity disclosed the agency itself was the victim of a hack in 2016. Clayton explained, "Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems. In August 2017, the Commission learned that an incident previously detected in 2016 may have provided the basis for illicit gain through trading. Specifically, a software vulnerability in the test filing component of our EDGAR system, which was patched promptly after discovery, was exploited and resulted in access to nonpublic information. We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk. Our investigation of this matter is ongoing, however, and we are coordinating with appropriate authorities. As another example, our Division of Enforcement has investigated and filed cases against individuals who we allege placed fake SEC filings on our EDGAR system in an effort to profit from the resulting market movement." Publicly traded companies in the cybersecurity space include Barracuda (CUDA), Check Point (CHKP), F5 Networks (FFIV), FireEye (FEYE), Fortinet (FTNT), Imperva (IMPV), Palo Alto Networks (PANW), Proofpoint (PFPT), Qualys (QLYS) and Symantec (SYMC). Reference Link