Zach Gibson | Bloomberg | Getty Images
Jay Clayton, chairman of U.S. Securities and Exchange Commission
Equifax, a consumer credit rating company, recently revealed that the credit records of some 143 million individuals were exposed. Disclosure of the incident wasn’t made public for weeks after it was discovered. The company’s CEO, Richard Smith, suddenly retired Tuesday.
The SEC finds itself in the middle of a similar situation, though the scale is less dramatic. The agency’s EDGAR system was broken into in 2016, and Clayton was notified only in August, some three months after he was confirmed. Corporate regulatory filings are placed in the EDGAR system, so a breach could give hackers nonpublic information that they can use to trade on.
Clayton said he “immediately” initiated an investigation and decided that “disclosure was necessary” because he determined it was “a serious matter.” He said the investigation is ongoing to determine who knew about the breach and why it wasn’t disclosed.
However, he warned that hacks remain a threat.
“We must be vigilant and we must be better,” he said, later adding, “We are under constant attack from nefarious actors.”
Clayton said he does not believe the EDGAR hack exposed personal information or poses a “systemic risk.”