The chairman of the U.S. Securities and Exchange Commission belatedly found out in August, about three months after being confirmed, that hackers breached the regulator's database of corporate announcements in 2016, according to prepared congressional testimony seen by Reuters on Monday.
The SEC's enforcement staff and inspector general's office have launched internal investigations into the breach and whether hackers illegally traded on non-public information they stole from the EDGAR filing system, Jay Clayton will tell the Senate Banking Committee at a hearing on Tuesday.
Clayton became chairman of the SEC in May. The breach was first detected in 2016.
The regulator reported the breach to the Department of Homeland Security's Computer Emergency Readiness Team when it was first discovered, Clayton said. Since learning of the breach, he has called for hiring more cyber experts at the SEC.
The SEC said earlier this month that it had discovered an intrusion into EDGAR, which houses corporate filings. Clayton said the hack was possibly the result of a defect in the EDGAR software and added that personally identifiable information did not appear to have been put at risk.
He said the SEC was still determining the extent and impact of the breach and that it could take "substantial time" to complete. Clayton said he was limited in what he could say publicly given the ongoing review.
Clayton's testimony will come as cybersecurity has rocketed up Congress's list of concerns. One week after Clayton testifies on the SEC breach, the Senate Banking Committee will hear from Richard Smith, the chief executive of credit monitoring bureau Equifax Inc (EFX.N), who will be testifying on the massive hack into the company's systems that put personal information of up to 143 million people at risk.
A spokesperson for the Senate Banking Committee was not immediately available for comment.