The US Securities and Exchange Commission lacked key preventive controls and adequate governance of its corporate disclosure database between 2015 and 2017, a period during which the system was hacked, an unreleased internal audit has found.
The agency also didn’t have an effective process for handling breaches of this Electronic Data Gathering, Analysis and Retrieval (EDGAR) database and wasted at least $83,000 on a software tool that proved useless, a one-page summary of the confidential SEC inspector general report said.
Without these controls, “threat actors could gain unauthorized access to the system, which could lead to illicit trading, negative impacts to the economy and public access to filings, and loss of public confidence in the SEC,” said the summary posted on the commission website this week.
SEC lacked controls for company filing breaches around time of 2016 hacking, audit says
26 September 2018 7:18am