U.S. SEC staffers used govn't computers for personal use - report

WASHINGTON Sat Nov 10, 2012 4:58am IST

A sign for the Securities and Exchange Commission (SEC) is pictured in the foyer of the Fort Worth Regional Office in Fort Worth, Texas June 28, 2012. REUTERS/Mike Stone/Files

A sign for the Securities and Exchange Commission (SEC) is pictured in the foyer of the Fort Worth Regional Office in Fort Worth, Texas June 28, 2012.

Credit: Reuters/Mike Stone/Files

Related Topics

Stocks

   

WASHINGTON (Reuters) - Several U.S. Securities and Exchange Commission staffers responsible for monitoring the markets and exchanges broadly misused computer equipment to download music and failed to properly safeguard sensitive information, a report has found.

In a 43-page investigative report that probed the misuse of government resources, SEC Interim Inspector General Jon Rymer discovered that an office within the SEC's Trading and Markets division spent over $1 million on unnecessary technology.

The report also found that the staffers failed to protect their computers and devices from hackers, even as they were urging exchanges and clearing agencies to do just that.

Although no breaches occurred, the staffers left sensitive stock exchange data exposed to potential cyber attacks because they failed to encrypt the devices or even install basic virus protection programs.

Reuters first reported on the unencrypted computers on Thursday, citing people familiar with the matter.

On Friday, however, Reuters reviewed a copy of the full report, which details an even broader array of problems, from misleading the SEC about the office's need to buy Apple Inc (AAPL.O) products, to cases in which staffers took iPads and laptops home and used them primarily for pursuits such as personal banking, surfing the Web and downloading music and movies.

The report says the staff may have brought the unprotected laptops to a Black Hat convention where hacking experts discuss the latest trends. They also used them to tap into public wireless networks and brought the devices along with them during exchange inspections.

In at least one case, a staffer admitted to using his personal e-mail to send his work e-mail sensitive data about the Depository Trust & Clearing Corp, the U.S. equities market's clearing agency. When asked about this, he called it "a mistake" and "bad judgment" on his part.

"While they were using unencrypted laptops themselves, they were recommending to the (exchanges and clearing agencies) that they encrypt their laptops," Rymer wrote in his report, which is dated August 30.

"The inspector general found that four staff members had used unencrypted laptop computers in violation of SEC policy," SEC spokesman John Nester said.

"Although we found no evidence that data was compromised, the problem was fixed and the two staffers responsible for maintaining and configuring the equipment are no longer with the agency."

Rymer's report comes as the SEC is encouraging companies to get more serious about cyber attacks. Last year, the agency issued guidance that public companies should follow in determining when to report breaches to investors.

The office that was the subject of Rymer's investigation is responsible for ensuring exchanges are following a series of voluntary guidelines known as "Automation Review Policies," or ARPs.

These policies call for exchanges to establish programs concerning computer audits, security and capacity. They are, in essence, a road map of the capital markets' infrastructure.

Rymer found that the office did not have any planning or oversight into its purchases of computer equipment. From 2006 through 2010, the office got permission to spend $1.8 million on technology devices.

The report also found that some people who worked in the office had little or no experience with exchange technical matters. (Reporting By Sarah N. Lynch; Editing by Matthew Goldstein and Andre Grenon)

FILED UNDER:
Comments (0)
This discussion is now closed. We welcome comments on our articles for a limited period after their publication.

  • Most Popular
  • Most Shared

TECH DEAL

A view of Microsoft and Nokia signs in Peltola, Oulu July 16, 2014. Microsoft Corp said on Thursday it would cut up to 18,000 jobs, or about 14 percent of its workforce, as it halves the size of its recent Nokia acquisition and trims down other operations. REUTERS/Markku Ruottinen/Lehtikuva

Opera's Mini browser to be installed on Microsoft phones

Norwegian software maker Opera signed a deal to take over the browser building unit of Microsoft's Nokia mobile phone unit and reported second-quarter earnings above expectations, sending it shares sharply higher.  Full Article 

Reuters Showcase

Silicon Valley Women

Silicon Valley Women

Despite lip service, Silicon Valley venture capital still a man’s world   Full Article 

Cyber Attacks

Cyber Attacks

U.S. government's nuclear watchdog victim of cyber attacks - report  Full Article 

Net Neutrality

Net Neutrality

Online video stars mobilize for U.S. net neutrality  Full Article 

'Heartbleed' Bug

'Heartbleed' Bug

U.S. hospital breach biggest yet to exploit Heartbleed bug - expert  Full Article 

Deal Talk

Deal Talk

Infineon agrees to buy Int'l Rectifier for $3 bln in cash  Full Article 

Reuters India Mobile

Reuters India Mobile

Get the latest news on the go. Visit Reuters India on your mobile device.  Full Coverage