As part of an eight-page statement on the Security and Exchange Commission’s approach to cybersecurity, SEC Chairman Jay Clayton announced that the SEC’s EDGAR filing system, which stores disclosure documents filed by publicly traded companies, was breached last year. According to Chairman Clayton, the SEC identified a “vulnerability” in its system in 2016, which, though purported patched, was “exploited and resulted in access to nonpublic information.” The SEC does not believe that any personally identified information was accessed. However, Chairman Clayton acknowledged that the breached information “may have provided the basis for illicit gain through trading.”

The SEC had not announced exactly when the breach occurred or the precise information that was accessed. Its investigation is ongoing.

Chairman Clayton, who was confirmed in May, is scheduled to appear before the Senate and Banking Committee next week for a public hearing.