23 March 2018
SEC Chairman Jay Clayton recently provided an update on the SEC's investigation of the 2016 cyber intrusion into its EDGAR system. Both U.S. and non-U.S. filers use EDGAR to file registration statements, periodic reports and other forms electronically. The SEC determined that the names, dates of birth and social security numbers of two individuals were accessed as part of the cyber intrusion. The SEC is contacting those individuals and will provide identity theft protection and monitoring services to them. The SEC indicated that it will contact and provide such services to other individuals if it is determined that sensitive information of other individuals may have been accessed. Mr. Clayton also noted that he has authorized the immediate hiring of additional staff and third-party technology consultants to assist the SEC in protecting its network, systems and data. He has also directed the SEC to strengthen its cybersecurity risk profile. This effort will focus initially on EDGAR and will evaluate the types of data obtained via EDGAR, as well as assess whether or not EDGAR is the appropriate mechanism to obtain such data. For more information, see https://www.sec.gov/news/press-release/2017-186.