SEC staffers bring computers with sensitive, unencrypted data to Black Hat hacker conference


In the face of a growing number of cyberattacks on businesses and government agencies, the White House is drafting an executive order on cybersecurity following Congress’s failure to pass similar legislation earlier this year. Not everyone in government is taking the threat so seriously, however. Reuters is reporting that several staffers at the Securities and Exchange Commission’s Trading and Markets Division left their agency-issued computers’ hard drives unencrypted — drives that contain highly sensitive information on stock exchanges such as details of the system's infrastructure. According to reports, in an extreme effort to tempt fate, some of the employees also brought these same computers to the Black Hat security conference, but the SEC says there is no evidence that any data was compromised.

The employees face disciplinary action

While there may not have been a breach, coming to that conclusion reportedly didn’t come cheap. Citing an unnamed source, Reuters reports that the SEC paid a third-party firm "at least $200,000" to analyze whether anyone had gained unauthorized access. Disciplinary action has reportedly been initiated against the employees involved, but we'll have to wait for other details until the upcoming report on the incident from the SEC’s Interim Inspector General, Jon Rymer.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.