U.S. SEC staffers used govn't computers for personal use - report

WASHINGTON Sat Nov 10, 2012 4:58am IST

A sign for the Securities and Exchange Commission (SEC) is pictured in the foyer of the Fort Worth Regional Office in Fort Worth, Texas June 28, 2012. REUTERS/Mike Stone/Files

A sign for the Securities and Exchange Commission (SEC) is pictured in the foyer of the Fort Worth Regional Office in Fort Worth, Texas June 28, 2012.

Credit: Reuters/Mike Stone/Files

Related Topics

Stocks

   
Priyanka Gandhi Vadra, daughter of Congress party chief Sonia Gandhi, adjusts her flower garlands as she campaigns for her mother during an election meeting at Rae Bareli in Uttar Pradesh April 22, 2014. REUTERS/Pawan Kumar

Election 2014

More than 814 million people — a number larger than the population of Europe — are eligible to vote in the world’s biggest democratic exercise.  Full Coverage 

WASHINGTON (Reuters) - Several U.S. Securities and Exchange Commission staffers responsible for monitoring the markets and exchanges broadly misused computer equipment to download music and failed to properly safeguard sensitive information, a report has found.

In a 43-page investigative report that probed the misuse of government resources, SEC Interim Inspector General Jon Rymer discovered that an office within the SEC's Trading and Markets division spent over $1 million on unnecessary technology.

The report also found that the staffers failed to protect their computers and devices from hackers, even as they were urging exchanges and clearing agencies to do just that.

Although no breaches occurred, the staffers left sensitive stock exchange data exposed to potential cyber attacks because they failed to encrypt the devices or even install basic virus protection programs.

Reuters first reported on the unencrypted computers on Thursday, citing people familiar with the matter.

On Friday, however, Reuters reviewed a copy of the full report, which details an even broader array of problems, from misleading the SEC about the office's need to buy Apple Inc (AAPL.O) products, to cases in which staffers took iPads and laptops home and used them primarily for pursuits such as personal banking, surfing the Web and downloading music and movies.

The report says the staff may have brought the unprotected laptops to a Black Hat convention where hacking experts discuss the latest trends. They also used them to tap into public wireless networks and brought the devices along with them during exchange inspections.

In at least one case, a staffer admitted to using his personal e-mail to send his work e-mail sensitive data about the Depository Trust & Clearing Corp, the U.S. equities market's clearing agency. When asked about this, he called it "a mistake" and "bad judgment" on his part.

"While they were using unencrypted laptops themselves, they were recommending to the (exchanges and clearing agencies) that they encrypt their laptops," Rymer wrote in his report, which is dated August 30.

"The inspector general found that four staff members had used unencrypted laptop computers in violation of SEC policy," SEC spokesman John Nester said.

"Although we found no evidence that data was compromised, the problem was fixed and the two staffers responsible for maintaining and configuring the equipment are no longer with the agency."

Rymer's report comes as the SEC is encouraging companies to get more serious about cyber attacks. Last year, the agency issued guidance that public companies should follow in determining when to report breaches to investors.

The office that was the subject of Rymer's investigation is responsible for ensuring exchanges are following a series of voluntary guidelines known as "Automation Review Policies," or ARPs.

These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are, in essence, a road map of the capital markets' infrastructure.

Rymer found that the office did not have any planning or oversight into its purchases of computer equipment. From 2006 through 2010, the office got permission to spend $1.8 million on technology devices.

The report also found that some people who worked in the office had little or no experience with exchange technical matters. (Reporting By Sarah N. Lynch; Editing by Matthew Goldstein and Andre Grenon)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

Apple

REUTERS SHOWCASE

Hacking Threat

Hacking Threat

All at sea: global shipping fleet exposed to hacking threat.  Full Article 

Mt. Gox Update

Mt. Gox Update

Tokyo Court orders bankruptcy trustee to begin Mt. Gox liquidation .  Full Article 

Net Neutrality

Net Neutrality

U.S. regulators to propose new net neutrality rules in May.  Full Article 

Facebook Results

Facebook Results

Facebook Q1 revenue grows 72 percent on rising mobile ads.  Full Article | Related Story 

Huawei Shrugs

Huawei Shrugs

China's Huawei says reports of NSA spying won't impact growth  Full Article 

Betting on Content

Betting on Content

AOL, Microsoft lure advertisers with TV-style shows.  Full Article 

Restructuring Plans

Restructuring Plans

Zynga's Pincus withdraws from operations amid turnaround.  Full Article 

Security Threat

Security Threat

FBI warns healthcare sector vulnerable to cyber attacks.  Full Article 

Online Streaming

Online Streaming

Amazon grabs rights to stream older HBO shows.  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage