SEC left computers vulnerable to cyber-attacks - sources

Advertisement
By Reuters | Updated: 9 November 2012 13:13 IST
Staffers at the U.S. Securities and Exchange Commission failed to encrypt some of their computers containing highly sensitive information from stock exchanges, leaving the data vulnerable to cyber-attacks, according to people familiar with the matter.

While the computers were unprotected, there was no evidence that hacking or spying on the SEC's computers took place, these people said.

The computers and other electronic devices in question belonged to a handful of employees in an office within the SEC's Trading and Markets Division. That office is responsible for making sure exchanges follow certain guidelines to protect the markets from potential cyber threats and systems problems, one of those people said.

Advertisement

Some of the staffers even brought the unprotected devices to a Black Hat convention, a conference where computer hacking experts gather to discuss the latest trends. It is not clear why the staffers brought the devices to the event.

The security lapses in the Trading and Markets Division are laid out in a yet-to-be-released report that by the SEC's Interim Inspector General Jon Rymer.

No data breached
The revelation comes as the SEC is encouraging companies to get more serious about cyber attacks. Last year, the agency issued guidance that public companies should follow in determining when to report breaches to investors.

Cyber security has become an even more pressing issue after high-profile companies from Lockheed Martin Corp to Bank of America Corp have fallen victim to hacking in recent years.

Advertisement

Nasdaq OMX Group, which runs the No. 2 U.S. equities exchange, in 2010 suffered a cyber attack on its collaboration software for corporate boards, but its trading systems were not breached.

One of the people familiar with the SEC's security lapse said the agency was forced to spend at least $200,000 and hire a third-party firm to conduct a thorough analysis to make sure none of the data was compromised.

Advertisement

The watchdog's report has already been circulated to the SEC's five commissioners, as well as to key lawmakers on Capitol Hill, and is expected to be made public soon.

SEC spokesman John Nester declined to comment on the report's findings.

Advertisement

SEC notified exchanges
Rich Adamonis, a spokesman for the New York Stock Exchange, said the exchange operator is "disappointed" with the SEC's lapse.

"From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information," he said.

A spokesman for Nasdaq OMX declined to comment on the security lapse at the SEC.

Since the internal investigation was concluded, the SEC initiated disciplinary actions against the people involved, one of the people familiar with the matter said.

The SEC also notified all of the exchanges about the incident.

The SEC's Trading and Markets Division, which has several hundred staffers, is primarily responsible for overseeing the U.S. equity markets, ensuring compliance with rules and writing regulations for exchanges and brokerages.

Among the division's tasks is to ensure exchanges are following a series of voluntary guidelines known as "Automation Review Policies," or ARPs. These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are, in essence, a road map of the capital markets' infrastructure.

Although they are only voluntary guidelines, exchanges take them seriously.

Under the ARP, exchanges must provide highly secure information to the SEC such as architectural maps, systems recovery and business continuity planning details in the event of a disaster or other major event.

That is the same kind of data used by exchanges last week after Hurricane Sandy forced U.S. equities markets to shut down for two days.

Prior to re-opening, all of the U.S. stock market operators took part in coordinated testing for trading on NYSE's backup system.

SEC Chairman Mary Schapiro recently said the SEC is working to convert the voluntary ARP guidelines into enforceable rules after a software error at Knight Capital Group nearly bankrupt the brokerage and led to a $440 million trading loss.

© Thomson Reuters 2012

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Asus Vivobook 15 (2026) Launched in India Ahead of Amazon, Flipkart Sale Events
  2. Nokia 235 4G (2026), 215 4G (2026) Launched; Nokia 210 4G, 200 4G Tag Along
  3. Flipkart GOAT Sale: Top Early Deals on Smartphones, Tablets and More
  4. Huion's 2026 India Lineup Defines Next-Gen Creativity
  5. DJI Mic Mini 2S Launched With 32-Bit Float Recording, AI Noise Cancellation
  6. Best Mobiles To Grab During The Flipkart GOAT Sale
  7. iPhone 18 Pro Max Might Arrive With Apple's Biggest Battery Yet
  8. Vivo X500 Camera Details Surface Online After X500 Pro Max Leaks
  1. Cyberpunk 2077 Has Sold 40 Million Copies, CD Projekt Red Confirms
  2. Nothing Phone 1 Receives Final Software Update With Latest Security Patches, Bug Fixes and Improvements
  3. Nokia 235 4G (2026), 215 4G (2026) Launched Alongside Nokia 210 4G, and 200 4G With AI Assistant Button
  4. Samsung Galaxy S27 Ultra Battery Details Leaked; Could Top iPhone 18 Pro Max's Battery Capacity
  5. OnePlus Ace 7 Series Tipped to Feature 185Hz Display, 9,000mAh Battery
  6. WhatsApp Rolls Out Primary Device Support on iPad, Tests New Setup Screen for Android Tablets: Report
  7. Government Directs App Stores to Remove Malicious Apps Used to Disrupt E-Rickshaw Operations: Report
  8. Sony Reportedly Restructures Disc Factory After Announcing End of Physical Game Discs on PlayStation
  9. Maharashtra Legislature Passes Amendment to Bring Virtual Digital Assets Under Depositor Protection Law
  10. Redmi 17 5G NCC, SIRIM Certification Listings Reportedly Reveal Battery and Charging Details
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.