Consumers Weren't Affected By The SEC Breach
On September 20th, the Securities Exchange Commission (SEC) announced a data breach of it's EDGAR system. EDGAR collects non-public financial data from publicly traded companies as well as disseminates public financial information. Although hot on the heals of the massive Equifax data breach, the SEC breach impacts the investing community but not the general public.
The SEC Breach Is A Risk To Investors
According to the SEC, the breach did not disclose any personally identifiable information of investors, traders, or consumers. Instead, the breach allowed the alleged criminal to use non-public information stored within the EDGAR system to profit from illegal insider trading.
Although this might seem like a victim-less crime, the reality is the financial cost is borne by other investors. When one investor sells their stock for $50 before it drops to $45, the investor who bought the stock lost $5 on the deal. Every dollar one investor earns comes at the cost of the person on the other side of the trade.
As a result, investors are at a disadvantage compared to the hacker when trading stocks. The SEC has closed the breach, but the incident does raise questions about the need for the nations top investing regulator to increase cyber-security.
How EDGAR Works
In order to regulate public companies, the SEC requires companies to file financial statements detailing their revenues, costs, risks, and other information needed by investors. These documents are submitted into the SEC EDGAR system and kept private for a short period of time. The reason they are held as private is so the information can be made public at all places at the same time.
This increases the fairness for investors as everyone gets the same information at the same time. When the company publishes the financial statement and shares them with investors, at the same time the SEC makes the documents public on the EDGAR site.
The Breach Disclosed Non-Public Financial Data
According to an SEC statement, the breach took advantage of the window of time between the documents being filed with the SEC and the information being made public by all parties. By gaining access to financial statements early, the hacker was able to identify news which would cause a company's stock to increase or decrease significantly.
The hacker could then buy, sell, or short sell the stock based on this inside information. Once the news was made public, and the stock price changed, the hacker would close their position (i.e. sell the stock they bought) and reap the profits.
The Risk to Consumers
The SEC discovered and patched the leak in 2016, but didn't disclose the breach to the public until late in 2017. This is an enormous gap where impacted individuals could be unaware of the risk to themselves and their finances.
Although the SEC breach doesn't impact consumers, it does point out a risk for consumers which could be impacted by future cyberattacks of other government agencies. Government agencies have completely different laws and rules for disclosing and dealing with cyberattacks.
SEC Doesn't Follow Its Own Disclosure Rules
The SEC requires a company to disclose instances like data breaches to the public within a limited time frame. If they don't, the SEC will take regulatory action including potential hefty fines.
Unfortunately, the SEC itself isn't required to follow the same rules. Government agencies are required to disclose beaches to other government oversight bodies within 7 days, but there is currently no requirement for public disclosure.
Take the Purposeful Finance Challenge
In just a few minutes a week, you can move toward financial independence. Each week you will receive a simple action item to take to improve your financial situation. Visit our challenge page and commit to build your financial plan one week at a time.
Joshua Escalante Troesh is a tenured professor of Business at El Camino College and the founder of Purposeful Finance. His career provides him with a unique insight on personal financial, having been a VP at a financial institution leading up to 2008, and involved with technology and internet stock research leading up to 2000.Joshua Escalante Troesh is a tenured professor of Business at El Camino College and the founder of Purposeful Finance. His career includes having been a VP at a financial institution leading up to 2008, and involved with technology and internet stock research leading up to 2000. He can be reached for comment at info@purposefulfinance.org