Specifically, the SEC reported that hackers may have gained access to their “EDGAR” (Electronic Data Gathering, Analysis, and Retrieval) system. This is a database that handles and lists corporate filings and disclosures, and the hackers may have used the data they mined from that system to illegally profit from stock market trades.
Essentially, they pried open the database and got a sneak peek at sensitive corporate filings before they were made available to the public. Armed with that knowledge in advance, they knew exactly which companies were going to appreciate in value, and which companies were going to take a hit to their stock prices, which made it child’s play to make profitable trades.It gets worse, though. The SEC is also looking into instances where phony filings records may have been injected into the database with the specific intention of creating a stock price appreciation or tumble for specific companies.
This, then, isn’t a typical attack at all, where hackers attempt to breach a system to get at customer lists or credit card information to resell on the dark web. This is much more refined and complex, and in addition to making unknown sums of money for its architects, it has the effect of undermining confidence in the entire economic system as a whole, which makes it doubly dangerous.
Of course, as part of the SEC’s official statement, they say that the issue has been identified and patched, and that they’re cooperating fully with law enforcement officials. Both of those are good things, but unfortunately, they will do little to restore consumer confidence any time soon.
The lesson, of course, is this: no one is immune, and your company could be next.