Equifax teaches us what not to do after a data breach
The US Securities and Exchange Commission on Tuesday announced it's stepping up its efforts to combat cyber crime against investors and the securities industry.
The agency is creating a new Cyber Unit, which will focus on problems like "misconduct" on the dark web, hacks aimed at stealing nonpublic information, intrusions into retail brokerage accounts, market manipulation schemes involving "false information spread through electronic and social media," cyber threats to market infrastructure like trading platform, and fraud involving initial coin offerings.
The SEC said the new unit has been "in the planning stages for months" and complements its efforts to create an internal cybersecurity risk profile and improve internal information sharing and risk monitoring.
The stepped up efforts come soon after the massive Equifax breach that has impacted millions of consumers. And just days ago, SEC Chairman Jay Clayton admitted that his own agency suffered a cybersecurity breach last year that may have given hackers access to market-influencing insider information.
While the SEC is dedicating more resources exclusively to cyber crime, Clayton told a US Senate panel on Tuesday that the agency needs more money for the effort. "Single actors dwarf the amount we have available to spent in this area," he said.
As The Washington Post reports, Clayton told the Senate Banking Committee that he only became aware of the 2016 breach last month.
Clayton declined to directly answer questions related to the Equifax breach, such as whether Equifax executives should be able to keep their bonuses, and whether the firm should've publicly disclosed the hack earlier.
Also on Tuesday, Equifax announced that its chairman and chief executive Richard Smith has stepped down and will not receive his annual bonus for the year.