US SEC failed to secure sensitive information: report

Security

by CBR Staff Writer| 09 November 2012

SEC left the data vulnerable to cyber attacks

The US Securities and Exchange Commission (SEC) has failed to encrypt sensitive information, leaving them exposed to hackers according to source told Reuters.

The computers under review belonged to employees in the SEC's Trading and Markets Division.

According to Reuters, some of the staffers even brought the unprotected devices to a Black Hat convention, a conference where computer hacking experts gather to discuss the latest trends.

Reuters, citing an unnamed source, reports that the SEC paid a third-party company about $200,000 to analyse and make sure none of the data was compromised.

A spokesman for the New York Stock Exchange Rich Adamonis was quoted by new agency as saying that the exchange operator is disappointed with the SEC's lapse.

"From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information," spokesman said.

Recently, SEC chairman Mary Schapiro said that the exchange is working to convert the ARP guidelines into enforceable rules after a software error at Knight Capital bankrupt the brokerage and led to a $440 m trading loss.

Comments
Post a comment

Comments may be moderated for spam, obscenities or defamation.

Join our network

739 people like this.
0 people follow this.

Security Intelligence

Suppliers Directory

Privcy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.