date 2021-09-17
from the INSecurities-exchange-commission dept.
The SEC has disclosed that its corporate filing system "Edgar" (Electronic Data Gathering, Analysis, and Retrieval) was hacked in 2016:
The top securities regulator in the United States said Wednesday night that its computer system had been hacked last year, giving the attackers private information that could have been exploited for trading. The disclosure, coming on the heels of a data breach at Equifax, the major consumer credit reporting firm, is likely to intensify concerns over potential computer vulnerabilities lurking among pillars of the American financial system.
The Securities and Exchange Commission said in a statement that it was still investigating the breach of its corporate filing system. The system, called Edgar, is used by companies to make legally required filings to the agency.
The agency said it learned in August that an incident detected last year "was exploited and resulted in access to nonpublic information." It said the security vulnerability used in the attack had been patched shortly after it was discovered. The hacking, it said, "may have provided the basis for illicit gain through trading."
Direct link to the SEC statement.
Also at Bloomberg.
(Score: 0) by Anonymous Coward on Friday September 22, @02:25AM (2 children)
Never!!
The treachery of even thinking such a thing should be punished with death!
(Score: 0) by Anonymous Coward on Friday September 22, @02:28AM (1 child)
Strong the sarcasm is with this one.
(Score: 2) by Gaaark on Friday September 22, @02:33AM
It's a trap!
(Score: 3, Insightful) by Virindi on Friday September 22, @02:26AM
There seems to be a culture of acceptance of this kind of incident among executives (in both industry and government). They seem to feel like the best you can do is hire some slick security management company, who then charges you a lot but you will still get "hacked". And when you do, it's not a big deal, because it happens to everyone.
What this is really about is:
1) Since it is inevitable, there is no point in spending a lot preventing hacks. When executives do buy something, since they have no clue, they go for the service with the most certifications, approvals, and marketing bullet points.
2) The "computer security" industry is terrible. A lot of certifications, checklists, approvals, and basically just piles of process in general. But it is hard to find people who actually think, because for the most part those people are not interested in following a super-stupid checklist (which you have to memorize to get the certification). And security by checklist does not work.
These two things feed on each other.
The attackers are nimble, thinking individuals. The defenders are checklist driven. You do the math. The defenders don't even have a clue what their problem is, either.
