The US Securities and Exchange Commission (SEC) has failed to encrypt sensitive information, leaving them exposed to hackers according to source told Reuters.
The computers under review belonged to employees in the SEC’s Trading and Markets Division.
According to Reuters, some of the staffers even brought the unprotected devices to a Black Hat convention, a conference where computer hacking experts gather to discuss the latest trends.
Reuters, citing an unnamed source, reports that the SEC paid a third-party company about $200,000 to analyse and make sure none of the data was compromised.
A spokesman for the New York Stock Exchange Rich Adamonis was quoted by new agency as saying that the exchange operator is disappointed with the SEC’s lapse.
"From the moment we were informed, we have been actively seeking clarity from the SEC to understand the full extent of the use of improperly secured devices and the information involved, as well as the actions taken by the SEC to ensure that there is proper remediation and a complete audit trail for the information," spokesman said.
Recently, SEC chairman Mary Schapiro said that the exchange is working to convert the ARP guidelines into enforceable rules after a software error at Knight Capital bankrupt the brokerage and led to a $440 m trading loss.