Two days ago, the Securities and Exchange Commission disclosed that its EDGAR filing system used by companies to file both public and confidential information was hacked and that the hacking “may have provided the basis for illicit gain through trading.”  Hacking to obtain inside information for purposes of stock trading has become a new concern, most notably in the case of American and Ukrainian hackers who hacked into public relations companies Business Wire and PR Newswire to get press releases dealing with corporate profits and losses before the information was made public.  The hackers were caught and convicted.
What is particularly disturbing about the SEC data breach is that vulnerabilities in the SEC’s information security systems were identified by the Government Accountability Office two years ago and recommendations were made to improve the systems, however, many of those critical recommendations still have not been implemented leaving the integrity of our financial system in serious jeopardy.
In addition, the system not only is vulnerable to data being stolen, but even data being changed or manipulated which also could have a devastating effect on our financial system.
The SEC should immediately implement the GAO recommendations previously ignored dealing with protecting its network boundaries from possible intrusions, identifying and authenticating users, authorizing access to resources, auditing and monitoring actions taken on its systems and network and most importantly encrypting sensitive information while it is being transmitted.  In addition the SEC should immediately act to follow up on fifteen new security deficiencies identified by the GAO this past summer dealing with its information systems.
Concerned citizens should consider contacting their senators and congressmen to urge them to act in this matter.  The integrity of our financial system is in jeopardy.