SEC Failed to Encrypt Computers Containing Sensitive Data
The Securities and Exchange Commission spent at least $200,000 to determine if the data had been compromised.
According to Reuters' Sarah N. Lynch, staff members in the U.S. Securities and Exchange Commission's Trading and Markets Division failed to encrypt several computers that held highly sensitive information, leaving them vulnerable to cyber attacks.
"As it turns out, the trading and markets division is charged with ensuring that markets don't fall victim to cyberattacks," writes CNET News' Don Reisinger. "Reuters also reports that the staffers attended the annual Black Hat Conference for hackers and brought the unprotected computers with them. Soon after the security issues were identified, the SEC hired a third-party company and paid it 'at least $200,000' to determine if any breaches occurred. That firm could not find any evidence of a hack, Reuters says."
"The employees were found to be flouting standard procedure within the SEC that demands that data on laptops be encrypted to protect it in the event of that device being lost or stolen," BBC News reports. "The laptops contained sensitive information about the inner workings of many US financial markets. ... The report into the security lapse was co-ordinated by Jon Rymer, the SEC's interim inspector general."
"Sources within the SEC said that the staff involved had been disciplined over the security failings following an internal investigation," writes The Register's Iain Thomson. "Rich Adamonis, a spokesman for the New York Stock Exchange, told Reuters that the exchange was 'disappointed' at the report's findings."