Breakingviews: Hack at S.E.C. Provides Warning for Other Regulators
A botched investigation into a hack at the Securities and Exchange Commission is a warning for other regulatory agencies.
The agency’s chairman, Walter J. Clayton, told senators on Tuesday that he did not know the exact timing of a breach from last year and that his predecessor may not have been notified. That is troubling given the sensitive market data kept there.
During a Senate hearing this week, Mr. Clayton shed little new light on the breach into the S.E.C.’s corporate-disclosure filing system, which the agency disclosed only last week. Mr. Clayton said he only learned about it in August, a few months after he joined the agency. He also said he did not have any reason to believe that his predecessor, Mary Jo White, had been notified.
Agency bosses don’t have to be told about every hack, but the breach of the S.E.C.’s Edgar filing system, which is used by public companies and relied upon by investors, should have been reported promptly to the top.
Senators asked whether the hack raises concerns about other data housed at the S.E.C., including the Consolidated Audit Trail scheduled to go live later this year. That will contain a record of orders for most equity and listed option trades, and nonpublic information about the customers behind them. Even before the S.E.C. hack was revealed, stock exchanges and traders were worried about the potential for cyberattacks targeting that data.
At the Commodity Futures Trading Commission, investment firms have been worried about an automated trading plan that would give the agency access to trading-firm source codes without a subpoena. The agency is revising the rule after backlash from the industry, but it will probably still push for a database of trading records.
Continue reading the main story