The United States Securities and Exchange Commission (SEC) is facing scrutiny on its handling of a data breach that occurred in 2016 – but was only publicly disclosed on 20 September 2017.
Hackers accessed information on corporate filings intended for investors, which would be used for insider trading.
Although the SEC is now being grilled by US Senators on its response to the breach, it is seeking to introduce new data-gathering rules, which require funds to submit monthly performance data on their portfolio holdings.
The Investment Company Institute (ICI) has called for an independent investigation into the breach and wants the SEC to delay the new rules until investors can be assured that SEC’s systems are secure.
The ICI is a global investor group which represents over 95 million US shareholders, who hold more than $20 trillion in assets.
The ICI is concerned that the data that SEC seeks to collect is market sensitive and if disclosed could be used for insider trading to the disadvantage of investors.
This is not the first time the SEC’s information security system has been questioned. The Government Accountability Office, a congress watchdog, investigated the SEC’s data protection system in the 2015 fiscal year and made recommendations for improvement, some of which have still not yet been implemented.