US Financial Regulator Launches Unit to Police Cyber-threats

The US Securities and Exchange Commission has announced it is setting up a special unit dedicated to identifying cyber-related misconduct.

The announcement came days after the top US financial regulator disclosed that it had been the victim of a hacking attack in 2016, and that the perpetrators may have been able to profit from the information.

In a statement the SEC said the new unit, which has been in the works for months, “will focus on targeting cyber-related misconduct” including market manipulation schemes, hacking and intrusions into retail brokerage accounts. 

“Cyber-related threats and misconduct are among the greatest risks facing investors and the securities industry,” said Stephanie Avakian, co-director of the SEC’s Enforcement Division.  

“The Cyber Unit will enhance our ability to detect and investigate cyber-threats through increasing expertise in an area of critical national importance.”

The attack on the SEC targeted the agency’s EDGAR database, which contains data from publicly traded companies such as earnings statements and corporate transactions.

A “software vulnerability” was quickly fixed after the intrusion was discovered, but the hackers had already been able to access “non-public information,” the SEC said of the cyber-attack.

The news came on the heels of one of the worst-ever breaches of personal data, revealed after the American firm Equifax announced it was the victim of a hacking attack that compromised the personal data of more than 140 million Americans, 400,000 Britons and 100,000 Canadians.

Deloitte also acknowledged Monday that its computer systems had been targeted but insisted the consequences were limited.

In its announcement Monday the SEC also said it was launching a “Retail Strategy Task Force” aimed at identifying “misconduct impacting retail investors.”