The forensics unit of the U.S. Securities and Exchange Commission, tasked with identifying cyber threats to sensitive information held by the SEC and provide security capability, cautioned the agency’s Office of Inspector General (OIG) about the “serious deficiencies” within the unit two months before the SEC was hacked in October 2016.
According to Reuters, the Digital Forensics and Investigations Unit delivered a three-page memo to the OIG in August 2016, outlining challenges faced by the unit that included outdated equipment and inadequate cyber training. The forensics unit was instead told to repurpose equipment due for disposal, leaving many concerns of the unit unaddressed by the OIG.
When the hack occurred, the OIG was not notified for several months, leading lawmakers to question why the forensic unit’s requests were ignored, and why the breach went unreported for so long.
Nearly a year after the incident occurred, the OIG was asked to review the hack after SEC Chairman Jay Clayton learned about it. Clayton testified before the U.S. Financial Services Committee Wednesday regarding the breach.