The SEC announced on Sept. 20 that in 2016 it suffered a cyber breach of its electronic data gathering system known as EDGAR. A day later the press noted that the U.S. Dept. of Homeland Security testing in Jan. 2017 revealed that the SEC had critical weaknesses in its systems.
The SEC's Chairman, Jay Clayton, released two press releases, one detailing some aspects of the breach and the other presenting the Commission's policy views on cybersecurity.
These can be found here:
Coming shortly after the announcement that Equifax, a U.S. credit reporting company, had been breached, the breaches serve as a stark reminder of any company's, agency's or individual's vulnerability. While commentators quickly pounced on the SEC for its slowness in releasing news of its own breach, our Members are reminded that the Commission is actively reviewing advisers', funds' and other issuers' cybersecurity preparedness. In addition state regulators have become much more active in attempting to regulate consumer privacy at the state level. Our August update discusses these aspects.
Posted by Karl Hartmann, Sept. 23, 2017