Congressman John Delaney

Representing the 6th District of Maryland
Twitter icon
Facebook icon
YouTube icon
RSS icon

Delaney Leads Letter to SEC Chairman Clayton on EDGAR System Cybersecurity

Sep 26, 2017
Press Release
Letter presses SEC for answers on the vulnerability of the system and the number of companies impacted by 2016 breach

WASHINGTON – Congressman John K. Delaney (MD-6) and 21 Democratic Members of the House Financial Services Committee, including Ranking Member Maxine Waters (CA-43), have written to U.S. Securities and Exchange Commission (SEC) Chairman Jay Clayton on the security of the Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system.

 

The Delaney letter presses the SEC for more information on the 2016 EDGAR breach and on potentially illicit trading activity connected to the breach. Further, the letter questions what steps the SEC has taken to address vulnerabilities in the system.

 

“From Equifax to the SEC, Americans are rightly concerned about the security of their financial and personal information, this is a massive issue that cuts across our entire economy,” said Congressman Delaney. “EDGAR holds massive amounts of information and we need detailed answers from the SEC as to what happened. I look forward to hearing from Chairman Clayton on what we can do to make the system more secure.”  

 

The text of the letter is copied below:

 

 

 

September 26, 2017

 

The Honorable Jay Clayton

Chairman

U.S. Securities and Exchange Commission

100 F Street, NE

Washington, DC 20549

 

Dear Chairman Clayton:

 

As members of the House Financial Services Committee, we write in regard to your statement from September 20, 2017, regarding cybersecurity and the U.S. Securities and Exchange Commission’s (SEC) Electronic Data Gathering, Analysis, and Retrieval (EDGAR) system.

 

According to your statement, a “software vulnerability” in the EDGAR system was exploited and led to the unauthorized access of nonpublic information. This raises serious concerns for all market participants regarding the fairness of the capital markets and the security and accuracy of information stored on the EDGAR system.

 

As you know, the EDGAR system is the central location in which companies must file SEC registration statements, periodic reports, and other required forms. In total, the system receives and processes approximately 1.7 million filings each year. Given the amount of information filed, disseminated, and stored through the system, the EDGAR system maintains an important role in the capital markets by increasing efficiency and fairness for all investors and companies while promoting transparency. However, the system only benefits all market participants when market participants are assured that the information contained on the system is properly safeguarded and that the underlying reports are accurate.

 

In light of this cybersecurity breach, we request that you provide us answers to the following questions:

 

  1. When was the software vulnerability discovered and what steps did the SEC take to address this particular vulnerability?
  2. When did the SEC learn of potentially illicit trades using the information accessed through the software vulnerability? Please provide us with an overview of the potentially illicit trading activity, including the size and scope of the trades and number of companies involved.
  3. What types of information and/or filings were accessed through this software vulnerability?
  4. How many companies’ filings and/or data were improperly accessed through this breach?
  5. Has the SEC notified companies and shareholders affected by the unauthorized access of information? If not, does the SEC plan to do so and when?
  6. While you state that the SEC does not currently believe the breach resulted in the unauthorized access of personally identifiable information (PII) of investors, this is not guaranteed in future breaches. What steps does the SEC plan to take to ensure individuals’ identities are protected in the future?
  7. What steps, if any, does the SEC plan to take to better address cybersecurity vulnerabilities in the EDGAR system?

 

Cybersecurity is a growing threat in the financial services industry, and we look forward to working with you to better address cyber vulnerabilities moving forward. Thank you in advance for your timely responses to our questions.

 

Sincerely,

 

 

 

______________________________                                    ______________________________

John K. Delaney                                                                     Maxine Waters

 

 

 

______________________________                                    ______________________________

Carolyn B. Maloney                                                                Josh Gottheimer

 

 

 

______________________________                                    ______________________________

David Scott                                                                             Nydia M. Velázquez

 

 

 

______________________________                                    ______________________________

Juan Vargas                                                                             Brad Sherman

 

 

 

______________________________                                    ______________________________

Kyrsten Sinema                                                                       James A. Himes

 

 

 

______________________________                                    ______________________________

Wm. Lacy Clay                                                                       Ed Perlmutter

 

 

______________________________                                    ______________________________

Gregory W. Meeks                                                                  Joyce Beatty

 

 

 

______________________________                                    ______________________________

Vicente Gonzalez                                                                    Stephen F. Lynch

 

 

 

______________________________                                    ______________________________

Gwen Moore                                                                           Al Green

 

 

 

______________________________                                    ______________________________

Ruben J. Kihuen                                                                     Keith Ellison

 

 

 

______________________________                                    ______________________________

Daniel T. Kildee                                                                      Charlie Crist