October 3, 2017
SEC Provides Updates from Investigation of 2016 Cyber Intrusion
On October 2, 2017, the SEC provided an update on its ongoing staff investigation of the 2016 cyber intrusion into the EDGAR system. The SEC announced that the third party performing the intrusion acquired the names, birth dates and social security numbers of at least two individuals. In response to this data breach, the SEC has stated that it will provide identity theft protection and monitoring services to the two affected individuals and any other individuals whose sensitive information may have been accessed.
THE SEC’s NEXT STEPS
Chairman Clayton has provided an update on steps the SEC will take to evaluate and improve the cybersecurity risk profile of its EDGAR system. The SEC’s efforts will be organized into the following five key work streams:
The SEC has supported these efforts through the immediate hiring of additional staff and outside technology consultants. The SEC will utilize these additions to perform the following tasks:
WHAT DOES THIS MEAN FOR ME?
Chairman Clayton’s announcement reiterates the importance for firms to make cybersecurity a top priority of their compliance program. Written cybersecurity policies and procedures should be implemented and periodically reviewed to ensure that all risks can be effectively identified. Protocols should also be established for mitigating these risks if they were to occur.
Fairview® will continue to assist clients with updating their cybersecurity policies and procedures so that they are better prepared to address potential cybersecurity threats. Please contact Fairview® if you have any questions or concerns about the SEC’s announcement and how it might apply to your firm.