Chairman Jay Clayton said in a statement Monday that additional
forensic analysis had found that the Social Security numbers,
dates of birth, and names of two individuals were made available
to the hackers after they breached the SEC's corporate filing
system known as EDGAR. The agency is reaching out to those
people and offering them identity theft protection services.
Clayton had previously said no personally identifiable
information had been accessed in the breach, which occurred in
2016. In his statement Monday, Clayton said the agency was still
working to determine if additional individuals' information may
have been compromised.
In addition, Clayton said the SEC is immediately hiring
additional staff and outside technology consultants to review
and improve its existing cybersecurity policies and practices.
The agency is also reviewing its use of EDGAR, including
reviewing the types of data companies can submit to it, as well
as whether that database is the appropriate mechanism for
gathering that sort of information.
Clayton said the agency is committing more resources to its
efforts to modernize EDGAR, and expects to commit even more in
the future.
He added that there are five separate reviews under way at the
SEC following the hack. The Office of Inspector General,
Division of Enforcement, and Office of General Counsel are all
conducting separate probes into the hack, while the agency is
also reviewing EDGAR and its cybersecurity in general.
However, Clayton cautioned that there could be "substantial
time" before those reviews are complete.
(Reporting by Pete Schroeder; Editing by Chizu Nomiyama and
Andrea Ricci)
© 2017 Thomson Reuters. All rights reserved.