Date: Sep 2017

Location: United States of America

Summary

A cybersecurity breach at the U.S. Securities and Exchange Commission involved unauthorized access to its EDGAR test filing system through a software vulnerability, which was promptly patched after detection. The intrusion potentially enabled illicit trading gains by exploiting nonpublic information, though it did not compromise personally identifiable data, disrupt agency operations, or create systemic risk. An internal investigation was initiated following the discovery of the incident's possible financial implications. The agency emphasized cybersecurity as a critical priority, acknowledging the inevitability of intrusions while underscoring the importance of resilience and recovery in risk management practices across financial markets.


Description

In 2016, the U.S. Securities and Exchange Commission experienced a cybersecurity intrusion affecting the test filing component of its EDGAR system, which companies use for electronic submissions. The breach exploited a software vulnerability that was promptly patched after discovery. While the intrusion was detected in 2016, the SEC determined in August 2017 that the incident may have enabled illicit trading gains through unauthorized access to nonpublic information. The compromised data did not include personally identifiable information, and the incident did not jeopardize SEC operations or create systemic market risk. Upon learning of the potential misuse, Chairman Jay Clayton, who had initiated an agency-wide cybersecurity assessment after taking office in May 2017, immediately ordered an internal investigation. This breach review was part of broader organizational reforms that included establishing a senior-level cybersecurity working group to coordinate information sharing, risk monitoring, and incident response protocols across the agency.

The SEC's September 20, 2017, disclosure framed the incident within its evolving cybersecurity strategy, emphasizing resilience as a core principle. Chairman Clayton's statement acknowledged that intrusions are inevitable for both public and private sector entities, highlighting the agency's focus on recovery capabilities alongside prevention. The response incorporated enhanced internal risk management practices, including integrating cybersecurity considerations into disclosure requirements and supervisory frameworks. The Commission also reinforced collaboration with other government entities and committed to enforcing securities laws against cyber threat actors and non-compliant market participants. These measures aimed to strengthen the financial system's capacity to address cybersecurity risks through improved threat mitigation and operational continuity planning, aligning the SEC's internal security posture with its external regulatory expectations for covered entities.
