Securities and Exchange Commission staffers have failed to encrypt computers containing sensitive information from stock exchanges, sources familiar with the issue have stated, adding that they rendered the computers vulnerable to a host of cyber attacks.
Reportedly, the computers under review belonged to employees in the SEC Trading and Markets Division. And the irony is that the same office is responsible for ensuring exchanges follow guidelines to protect markets from potential cyber threats and system faults.
Some of the devices under consideration were even brought to a Black Hat convention where computer hacking experts gathered to discuss trends, Reuters has reported.
The lapses in the Trading and Markets Division are laid out in a yet-to-be-released report.
This news comes on the heels of SEC encouraging companies to get serious with cyber attacks. Cyber security has become a pressing issue as companies including Lockheed Martin Corp to Bank of America Corp have fallen victim to hacking in recent years.
Apparently, the agency was forced to spend at least $200,000 and hire a third-party firm to conduct a thorough analysis to make sure none of the data was compromised, Reuters has pointed out.
The SEC also notified exchanges about the incident. "From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information," Rich Adamonis, a spokesman for the New York Stock Exchange told Reuters.
The SEC Trading and Markets Division, involving several hundred staffers, is responsible for overseeing the U.S. equity markets, ensuring compliance with rules and writing regulations for exchanges and brokerages.
The division is entrusted with the task to ensure exchanges follow a series of voluntary guidelines known as "Automation Review Policies," or ARPs. These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are a road map to the capital markets' infrastructure.
SEC Chairman Mary Schapiro recently stated the SEC was working to convert the ARP guidelines into rules after a software error at Knight Capital Group bankrupt the brokerage and led to a $440 million trading loss.