The U.S. Securities and Exchange Commission disclosed late Wednesday night that hackers breached its online filing system and may have made "illicit gain through trading."
The SEC, the agency responsible for regulating the financial securities industry, gave few details about the hack, saying only that it involved a software "vulnerability" in its EDGAR online filing system, resulting in "access to nonpublic information." The statement said that it didn't believe any personally identifiable information or SEC operations were compromised and that an investigation was continuing.
The breach was first detected in 2016, but the SEC didn't realize until last month that the hackers may have been able to exploit the hack for profit, according to a statement on cybersecurity policy, which was released at about 11 p.m. ET. Disclosure of the hack was confined to one paragraph almost a third of the way into the 5,000-word document, including footnotes.
Last year, the security risk benchmarking firm SecurityScorecard ranked federal, state and local governments last among 17 major industries and institutions it examined for cybersecurity, highlighting outdated software and slow or inadequate deployment of critical updates.
The order put responsibility for cybersecurity on the shoulders of the director of every federal agency, making it more difficult for executives to pass the buck to their information technology staffs.
Wednesday night's SEC statement went out over the signature of Chairman Jay Clayton.
Alex Johnson is a reporter and editor for NBC News based in Los Angeles.