Personal info leaked in SEC breach

Shutterstock image: open lock. 

At least two people had their sensitive, personal data exposed when hackers broke into the Securities and Exchange Commission's public-facing financial filing system, known as EDGAR, in 2016. The update was provided in an SEC press release just one week after Chairman Jay Clayton told the Senate Banking Committee that he did not believe any personally identifying information was stolen during the intrusion.

The agency clarified Oct. 2 that a forensic analysis "has now determined that an EDGAR test filing accessed by third parties as a result of that intrusion contained the names, dates of birth and social security numbers of two individuals." According to the release, SEC staff informed Clayton of this latest revelation on Sept. 29, and the agency has not ruled out the possibility of additional disclosures in the future.

"While our review and remediation efforts are ongoing and may take substantial time to complete, I believe it is important to provide new information regarding the scope of the 2016 intrusion and provide an update on the steps we are taking to assess and improve the cybersecurity risk profile of our EDGAR system and of the agency's systems more broadly," Clayton said in a prepared statement.

The SEC provided additional details on the scope of its response to the breach. The agency will split its investigation up into five areas: a formal investigation by the Office of the Inspector General, a separate investigation by agency staff to determine if illicit trading took place as a result of the compromise, a review of ongoing modernization efforts to EDGAR with an increased focus on cybersecurity, a more general review of the agency's cybersecurity profile and an internal investigation into the hack by agency staff.

About the Author

Derek B. Johnson is a staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

  • Cloud
    DOD cloud

    DOD's latest cloud moves leave plenty of questions

    Speculation is still swirling about the implications of the draft solicitation for JEDI -- and about why a separate agreement for cloud-migration services was scaled back so dramatically.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.