Securities and Exchange CommissionÂ Chairman Jay Clayton issued a statement Wednesday saying the agency found in August that a previously identified cyber incident âmay have provided the basis for illicit gain through trading,â MeriTalk reported Thursday.
Clayton refers to a 2016 breach of the test filing component of SECâs Electronic Data Gathering, Analysis and Retrieval system designed to help the agency collect and track disclosure documents from issuers and other registrants.
He said the breach involved a software vulnerability in the EDGAR systemâs test filing function that was used by hackers to gain access to nonpublic data.
âWe believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the commission, or result in systemic risk,â Clayton wrote in his public statement.
He noted that SEC continues to investigate the cyber incident and coordinate with authorities.
Clayton said he launched in May an evaluation of SECâs internal cyber risk profile and approach to cybersecurity across five areas.
These areas include the commissionâs data collection and use, internal cyber risk management, incorporation of cyber considerations into the agencyâs risk-based supervision of entities; enforcement of federal security laws; and coordination with other government agencies.