
SEC Data Breach Prompts Major Hire

The U.S. Securities and Exchange Commission recently suffered a security breach, and now the New York Stock Exchange has hired the former head of the U.S. Department of Homeland Security to make sure it wasn't exposed.

The SEC's data security issue arose when it was discovered that computers, iPads and other devices owned by employees in the organization's Trading and Markets Division were left unencrypted, according to a report from Wall Street and Tech. Specifically, those employees were responsible for making sure exchanges protect themselves from cyber attacks and breaches.

The discoveries were first reported in late August. The SEC says no information was exposed and the issue was fixed, and two of the people responsible for the problem no longer work there, the report said. However, the NYSE believes the SEC's investigation wasn't thorough enough, prompting it to hire the former Secretary of Homeland Security, Michael Chertoff.

"[The NYSE was victimized by] a gross mishandling of data that would get an F from any security official," a person with knowledge of the situation, who spoke on the condition of anonymity, told the news site.

For its part, the SEC spent close to $350,000 to hire a forensics team to test its laptops to ensure they had not been hacked, and further strengthened its policies for protecting proprietary data internally, the report said. But the NYSE believes more devices than just laptops might have been exposed, and while 28 such computers were involved in the incident, the forensics team only tested a select few of that group, rather than all of them.

Further, the SEC acknowledged in a recent investigation that many of the staffers whose devices were exposed did not take all precautions to secure them, the report said. Many didn't even have virus protection or encryption, and some were even brought to a hacking convention. They were also used on hotel wireless networks to download music and movies, as well as for personal banking, and one staffer said he sent sensitive SEC data through his personal email account using one of the devices.

Ondrej Krehel, chief information security officer for IDentity Theft 911, writes often about the ways in which mishandled security protocols can lead to massive problems for consumers and organizations alike.
