Exclusive: U.S. Homeland Security found SEC had ‘critical’ cyber weaknesses in January

The U.S. Securities and Exchange Commission logo adorns an office door at the SEC headquarters in Washington, June 24, 2011. The U.S. Securities and Exchange Commission logo adorns an office door at the SEC headquarters in Washington, June 24, 2011. REUTERS/Jonathan Ernst

By Sarah N. Lynch

WASHINGTON (Reuters) – The U.S. Department of Homeland Security detected five “critical” cyber security weaknesses on the Securities and Exchange Commission’s computers as of January 23, 2017, according to a confidential weekly report reviewed by Reuters.

The report’s findings raise fresh questions about a 2016 cyber breach into the SEC’s corporate filing system known as “EDGAR.” SEC Chairman Jay Clayton disclosed late Wednesday night that the agency learned in August 2017 that hackers may have exploited the 2016 incident for illegal insider-trading.

The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.

It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC in 2016.

But it shows that even after the SEC says it patched “promptly” the software vulnerability after the 2016 hack, critical vulnerabilities still plagued the regulator’s systems.

An SEC spokesman did not have any immediate comment on the report’s findings.

It is unclear if any of those critical vulnerabilities still pose a threat.

(This version of the story was refiled to correct day of the week in paragraph 2)

 

(Reporting by Sarah N. Lynch; Editing by Nick Zieminski)

 

Leave a Reply