S.E.C. Says It Was a Victim of a Computer Hack Last Year

Photo

The Securities and Exchange Commission said a digital attack last year may have exposed information that could have been exploited for trading purposes.

Credit
Andrew Harnik/Associated Press

HONG KONG — The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading.

The Securities and Exchange Commission said in a statement that it was still investigating the breach. It said the security vulnerability the was exploited in the hack had been patched shortly after it was discovered.

It was not clear when the breach was uncovered, although the commission said it learned in August that an incident that had been detected last year “was exploited and resulted in access to nonpublic information.”

In its statement, the commission did not release further details of the hack, including whether it had resulted in disclosure of any information about particular companies.

“Cybersecurity is critical to the operations of our markets and the risks are significant and, in many cases, systemic,” the commission’s chairman, Jay Clayton, said in the statement. “We must be vigilant. We also must recognize — in both the public and private sectors, including the S.E.C. — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”

The commission said it did not believe that the breach had involved personal information or that it would jeopardize the commission’s activities.

Continue reading the main story