DHS Found SEC had ‘Critical’ Cyber Weaknesses in January
The US Department of Homeland Security detected 5 “critical” cyber security weaknesses on the Securities and Exchange Commission’s (SEC) computers as of 23 January 2017, according to a confidential weekly report reviewed by Reuters.
The report’s findings raise fresh questions about a Y 2016 cyber breach into the US finanical market regulator’s corporate filing system known as “EDGAR.”
SEC Chairman Jay Clayton disclosed Wednesday that the agency learned in August 2017 that hackers may have exploited the Y 2016 incident for illegal insider-trading.
The January DHS report, which shows its weekly findings after scanning computers for cyber weaknesses across most of the federal civilian government agencies, revealed that the SEC at the time had the fourth most “critical” vulnerabilities.
It was not clear if the vulnerabilities detected by DHS are directly related to the cyber breach disclosed by the SEC.
But, it shows that even after the SEC says it patched “promptly” the software vulnerability after the Y 2016 hack, critical vulnerabilities still plagued the regulator’s systems.
The hack, 2 weeks after credit-reporting company Equifax (NYSE:EFX) said hackers had stolen data on more than 143-M US customers, has sent shockwaves through the US financial sector.
Mr Clayton, who was appointed by President Donald Trump in January and confirmed in May, initiated a review of the agency’s cyber practices this Spring.
He was previously scheduled to testify before a Senate banking panel next week. He is expected to face questions about the breach then, as well as from lawmakers in the House.
Former US President Barack Hussein Obama’s appointee, Mary Jo White, preceded Mr Clayton as SEC Chair, refused to comment.
Have a terrific weekend.