The leading U.S. market regulator, the SEC, disclosed a security breach; thieves may have utilised the accessible data for insider trading.
Clayton claims that the security breach was the last to be found and that it was caused by a software vulnerability.
The SEC stated that it is looking into the security breech, but it withheld information regarding the attack; instead, it simply attested to the fact that the vulnerability used by hackers was swiftly corrected.
It is thought that no systemic risk nor unauthorised access to personally identifiable information was caused by the intrusion, nor did it endanger the Commission's operations.
Source: https://securityaffairs.com/63270/data-breach/sec-data-breach.html
TPRM report: https://scoringcyber.rankiteo.com/company/secgov
"id": "uss221111223",
"linkid": "secgov",
"type": "Breach",
"date": "09/2017",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"{'affected_entities': [{'industry': 'Financial Regulation',
'location': 'United States',
'name': 'SEC (Securities and Exchange Commission)',
'type': 'Government Agency'}],
'attack_vector': 'Software Vulnerability',
'data_breach': {'personally_identifiable_information': 'None'},
'description': 'The leading U.S. market regulator, the SEC, disclosed a '
'security breach; thieves may have utilised the accessible '
'data for insider trading.',
'investigation_status': 'Under Investigation',
'motivation': 'Insider Trading',
'post_incident_analysis': {'root_causes': 'Software vulnerability'},
'response': {'remediation_measures': 'Vulnerability swiftly corrected'},
'threat_actor': 'Unknown',
'title': 'SEC Security Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Software vulnerability'}