Employees of the U.S. Securities and Exchange Commission (SEC) failed to protect private access to their computers with highly confidential information, becoming a target for cyber-attacks, according to a Reuters report. In this particular instance, they didn’t encrypt devices taken out of the bounds of physical security and left them in the open for prying eyes (as they were taken to a black hat conference).
Although no evidence of spying or hacking has been uncovered, the event is still being investigated.
Staffers responsible for the protection of the market from potential cyber threats and system problems brought several unprotected storage devices to a “black hats” conference–an event in computer security, designed specifically for federal services. Why they brought these gadgets is unknown.
The unprotected devices and computers belonged to employees within the SEC’s Trading and Markets Division. The Trading and Markets Division is responsible for creating and maintaining standards to protect the markets from potential cyber threats and systems problems.
According to Reuters, at the present time, the Commission has to spend at least two hundred thousand dollars to hire outside firms to conduct a thorough analysis to make sure that none of the systems have been compromised.
It is not known whether anyone used the vulnerability of the network. Rich Adamonis, a spokesman for the New York Stock Exchange said the exchange is taking the matter seriously.
“From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information,” he said.
SEC has several hundred employees. In the first place, the department performs the supervision and regulation of the American stock market. The division is also responsible for overseeing the U.S. equity markets.
The reported lapse in security underlines the growing importance of protecting financial-related networks. The question of data security has become more important after the succession occurred in the past years a number of breaches of major companies, from Lockheed Martin Corp, the NASDAQ stock exchange and ending with the National Bank of America. Just last year, another report claimed that the US Chamber of Commerce had been targeted by hackers to steal sensitive corporate data of member companies.