Two People's Information Compromised in SEC Data Breach

Mark Van Scyoc/

Hackers may have traded on nonpublic information, though.

Only two people’s personal information was compromised in a 2016 breach of the Securities and Exchange Commission’s online filing system, the agency announced Monday.

It’s still not clear, however, whether hackers of the EDGAR filing system used the spoils of that breach to trade stocks and other financial instruments based on nonpublic information, according to a commission news release.

The commission is investigating the possibility of illicit trading as part of a five-pronged review.

» Get the best federal technology news and ideas delivered right to your inbox. Sign up here.

That review includes assessments of possible cybersecurity improvements to the EDGAR platform and to the commission’s broader technology footprint. It also includes a review of commission operations and procedures to respond to data breaches.

Compromised information of the two breach victims included names, addresses, birth dates and Social Security numbers, the commission said. The commission offered both victims free credit monitoring.

It’s possible investigators will discover additional data breach victims, the commission said.

Commission Chairman Jay Clayton has authorized a cyber hiring surge to improve the commission’s overall security posture, he told lawmakers last month.

The commission is also launching a new cyber enforcement unit focused on cyber threats to stock exchanges and other digital mischief.