The Securities and Exchange Commission said Wednesday that a cyber breach of a filing system it uses may have provided the basis for some illegal trading in 2016. Chairman Jay Clayton said a review of the agency's cybersecurity risk profile determined that the previously detected "incident" was caused by "a software vulnerability" in its EDGAR filing system, reports the AP. The SEC said the software was patched quickly after the hack was uncovered in 2016, although the possibility that some may have used it to make illegal profits was only discovered last month. The SEC revelation comes as Americans continue to grapple with the repercussions of a massive hack of Equifax, which exposed highly sensitive personal information of 143 million people. Clayton said this breach did not result in exposing personally identifiable information.
The SEC files financial market disclosure documents through its EDGAR system, which processes over 1.7 million electronic filings in any given year. Clayton's statement also mentioned that a 2014 internal review was unable to locate some agency laptops that may have contained confidential information. The agency also discovered instances in which its personnel used private, unsecured email accounts to transmit confidential information. The SEC is continuing to investigate the breach and its possible consequences and coordinating with the "appropriate authorities," according to the SEC. Clayton ordered a review of the SEC's cybersecurity profile in May, which led to the discovery of the possible illegal trading. The statement did not explain why the hack was not revealed when it was discovered last year. (More Securities and Exchange Commission stories.)