S.E.C. Hacking Response Provides Road Map for Compromised Companies<br />The Equifax hacking drew more attention because of its scope,<br />but a potentially more threatening attack — for those who know what to do with the information — was the breach of the Securities and Exchange Commission electronic system known as Edgar, which receives 1.7 million corporate and securities filings a year.<br />by any company — especially Equifax — when questions are raised about the systems it uses to prevent digital attacks<br />and make a timely disclosure to the public when they do occur.<br />It has provided a road map for what compromised companies can say in the future — using the S. E.C.’s own words —<br />and raised the question of how the commission would secure hugely valuable information if it succeeds in its goal of collecting even more of it.<br />Although Mr. Clayton claimed that the hacking did not “result in systemic risk,” the misuse of confidential information<br />— especially when noticing it may have taken months — threatens the integrity of the financial markets.<br />In announcing the breach last week, Mr. Clayton noted<br />that “even the most diligent cybersecurity efforts will not address all cyberrisks that enterprises face.” Those words are certain to be cited back to the S. E.C.<br />chairman, Walter J. Clayton, said the commission learned last month<br />that a digital breach it detected in 2016 “may have provided the basis for illicit gain through trading.”<br />That information was buried in Mr. Clayton’s statement, which otherwise appeared to concern the general matter of cybersecurity.<br />It is no surprise that the hackers are at risk of penalties — in 2015, the Justice Department and the S. E.C.
