Hexbyte  Hacker News  Computers Hackers broke into an SEC database and made millions from inside information, says DOJ

Hexbyte Hacker News Computers Hackers broke into an SEC database and made millions from inside information, says DOJ

Hexbyte Hacker News Computers

Hexbyte  Hacker News  Computers Jay Clayton, chairman of U.S. Securities and Exchange Commission (SEC), speaks during an SEC open meeting in Washington, D.C., U.S., on Wednesday, April 18, 2018.

Yuri Gripas | Bloomberg | Getty Images

Jay Clayton, chairman of U.S. Securities and Exchange Commission (SEC), speaks during an SEC open meeting in Washington, D.C., U.S., on Wednesday, April 18, 2018.

Federal prosecutors unveiled charges in an international stock-trading scheme that involved hacking into the Securities and Exchange Commission’s EDGAR corporate filing system.

Also at the time, the incident sparked fears over the SEC’s Consolidated Audit Trail database, known as CAT. The CAT was meant to record every trade and order — either stock or option — made in the U.S., with the goal of providing enough data to analyze for detecting market manipulations and other malicious behavior.

Full implementation of the CAT has been plagued by delays, with equities reporting now scheduled to begin in November. The New York Stock Exchange has asked the SEC to consider limiting the amount of data collected by the CAT, which would include data on around 58 billion daily trades, as well as the personal details of individuals making the trades, including their Social Security numbers and dates of birth.

In September 2017, SEC chairman Jay Clayton announced the EDGAR database had been hacked in a lengthy statement. The commission said the database was penetrated in 2016 but the incident wasn’t detected until August 2017.

“Cybersecurity is critical to the operations of our markets, and the risks are significant and, in many cases, systemic,” Clayton said at the time. “We also must recognize — in both the public and private sectors, including the SEC — that there will be intrusions, and that a key component of cyber risk management is resilience and recovery.”