SEC says 2016 hack exposed personal data

Hackers accessed the personal information of two individuals by breaching the Securities and Exchange Commission’s (SEC) electronic filing system in 2016, SEC Chairman Jay Clayton revealed Monday.

Clayton said in a Monday statement that hackers accessed the birthdates and Social Security numbers of two people by breaching the SEC’s EDGAR electronic filing system, through which publicly traded companies make public and private disclosures about their financial affairs.

The two individuals have been contacted and provided with identity theft prevention and assistance, Clayton said.

{mosads}

SEC officials previously said that no personal information was revealed during the breach, making Monday’s revelation a notable change in the nature of the hack. Officials think the hackers may have profited by trading on insider information stolen from the EDGAR system.

Companies and investors send scores of forms through EDGAR on securities sales, initial public offerings, corporate financial information and structural plans. While much of the system is publicly accessible, it also contains private financial records that only regulators can see.

The SEC said Clayton learned about the personal information breach last Friday, days after warning lawmakers it would be a “substantial” amount of time before the agency would know the full extent of the attack.

“The 2016 intrusion and its ramifications concern me deeply. I am focused on getting to the bottom of the matter and, importantly, lifting our cybersecurity efforts moving forward,” Clayton said.

The SEC is currently probing the agency’s response to the hack, more details about the hack itself, the breach’s effect on financial markets, whether insider trading occurred and how to boost its cybersecurity defenses.