Hackers compromised the personal information of at least two people in a recently disclosed breach of the Securities and Exchange Commission’s corporate filing system.
In a statement on Monday, SEC Chairman Jay Clayton said “the names, dates of birth and Social Security numbers of two individuals” were exposed.
The agency is notifying them and will provide identity theft protection services. The SEC added it is investigating whether other personal information has been compromised.
Although the SEC didn’t say whose personal information was breached, it was probably not a member of the general public. Most of the people who file information about stock sales in the system are top executives and directors of public companies.
Last month, the SEC disclosed a 2016 hack of its Edgar filing system, a database of information all publicly traded companies have to file with federal regulators, like company earnings, mergers and acquisitions, and executives’ share dealings. Hackers accessed the information through a software flaw.
Previously, the agency said no personal information had been compromised. It said the hackers may have made money using the corporate information they stole.
“The 2016 intrusion and its ramifications concern me deeply,” Clayton said in a statement. “I am focused on getting to the bottom of the matter and, importantly, lifting our cybersecurity efforts moving forward.”
Those efforts include an investigation into any illegal trading off the hack, a possible upgrade of the corporate filing system and a review of all agency systems.
Clayton has authorized hiring more staff and consultants to strengthen cybersecurity.
News of the SEC breach came just two weeks after Equifax disclosed a hack that affected as many as 143 million people. Cyber breaches are increasingly common, and experts warn they will only get worse.