Federal watchdog says SEC security issues put financial data at risk

A congressional watchdog has tasked the U.S. Securities and Exchange Commission (SEC) with addressing a number of security weaknesses impacting its system.

On Thursday, the U.S. Government Accountability Office (GAO) released a report (PDF) detailing the issues, which included the SEC failing to encrypt sensitive data, properly identify and authenticate users, or securely configure a vital financial system, leaving it vulnerable to attack.

According to the 25-page report, “the information security weaknesses existed, in part, because SEC did not effectively oversee and manage the implementation of information security controls during the migration of this key financial system to a new location.”

The watchdog said that SEC did not adequately oversee a contractor it hired to migrate its systems to a different data center last June.

As a result of SEC's need to improve security controls, GAO determined that the agency – which regulates the securities market, including exchanges, brokers, dealers and investment firms – had a “significant deficiency in internal control over financial reporting for fiscal year 2013.”

GAO recommended that the SEC assign security staff to monitor contractors performing security-related tasks, and that it improve its risk management operations.

In response to the findings, SEC's Chief Information Officer Thomas Bayer wrote in a letter (page 22 of the report) that the agency would "continue to optimize our controls and further improve the security of our systems that support financial processes and our overall risk management process." GAO's report was based on an audit for the fiscal years 2012 and 2013.
