In a statement published on the Securities and Exchange Commission's website yesterday, SEC Chairman Jay Clayton revealed that the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system was compromised last year. Data from EDGAR, which is used to receive and publish corporate filings to the agency, "may have provided the basis for illicit gain through trading," Clayton said. "Notwithstanding our efforts to protect our systems and manage cybersecurity risk, in certain cases cyber threat actors have managed to access or misuse our systems." The revelations were part of a statement by Clayton on the SEC's overall cybersecurity posture and policy.
This is not the first time the SEC has exposed financial data. In 2014, an audit from the SEC's inspector general found that hundreds of agency laptops could not be accounted for, and many of them may have contained non-public financial market data. But the 2016 breach was the result of a deliberate attack aimed at accessing the EDGAR filing system.
EDGAR is the system that accepts electronic filings of statements from corporations regarding their finances and events or activities that might have an impact on their business. The system also allows the public—including investors and researchers—to access those filings. EDGAR amounts to a huge content management and workflow system, containing data on all manner of publicly traded stocks, bonds, and other securities. It's intended to ensure that all parties have access to the same information at the same time to minimize the ability of some to take advantage of the release of advance financial information.