The U.S. Securities and Exchange Commission is investigating the hacking of corporate email accounts to trade stocks.
It is suspected that a group of hackers broke into the email accounts in order to steal confidential details about mergers.
The SEC has asked at least eight companies to provide details of their data breaches. Making it the first time it has approachedcompanies about possible breaches in connection with an insider trading probe, highlighting the significance of the threat posed.
John Reed, former head of Internet enforcement, SEC, said: "The SEC is interested because failures in cybersecurity have prompted a dangerous, new method of unlawful insider trading," reports, Reuters.
The SEC is not the only one investigating the matter, with the U.S. Secret Service also operating a parallel probe which was spurred by a security report in December regarding a hacking group dubbed "FIN4."
The report by FireEye, stated that since mid-2013, the hacking group had tried to break into email account of more than 100 companies to look for confidential information on mergers and market events.
Jacob Ginsberg, Senior Director at Echoworx, said: "Once again, hackers are going after the goldmine of all corporate information, email. The quality of information being collected by hackers is making it an attractive tactic for white collar criminals.
"It’s vital that businesses move beyond compliance driven security measure to protect themselves from these new found threats, particularly in highly regulated sectors like financial services and healthcare.
"Combined with user training and solid company wide security policies, email encryption solutions that employ two factor authentication are the only sure fire way to combat identity hackers targeting corporate emails.
"Given recent calls by the US government for back doors, it seems paradoxical that the SEC is driving a crack down on corporate hacking."
According to people familiar with the situation, the SEC has asked companies for data related to cyber intrusions or attempted intrusions, as well as information on the tactics used to lure employees, such as "spear phishing" or "credential harvesting."
The size and scale of the investigation highlights the magnitude of the threat posed by hacking and its use as a tool for insider trading, although it is yet unclear whether any information was stolen and used in trades.
Phil Barnett, VP and GM for EMEA, Good Technology, said: "Once again, insecure email accounts are the a yellow brick road for hackers seeking exploitable information. Unless businesses take responsibility for the security of their data, across all devices, they are leaving themselves exposed and vulnerable to attack.
"Such cyber threats must be tackled head on with a combination of containerisation of information and employee education. Highly regulated industries require stringent security policies, but threats such as these bring into question their effectiveness.
"An indestructible perimeter must be built around valuable corporate information unless businesses want hackers to find ‘Oz’ and steal invaluable information."
