By Douglas Gillison
(Reuters) – A recent audit showed an “elevated” risk of a data leakage from the comprehensive market data surveillance system used by Wall Street’s top regulator, according to a watchdog report made public this week.
While the Office of Inspector General at the U.S. Securities and Exchange Commission said the agency had taken recent steps to address the problem, the findings may bolster criticism from Republicans and lobby groups, who say the so-called Consolidated Audit Trail (CAT) system threatens the security of private individuals’ data.
According to the audit report, during the review period the SEC did not take steps to detect and prevent data leakage or regularly ensure that users complied with data safeguards. Officials were unable to monitor and block emails containing CAT data, for example.
Another of the audit’s findings was redacted for security reasons.
The SEC did not immediately respond to a request for comment but said in a written response published with the report that SEC data security was in transition during the audit period of January 2023 to August 2024.
It said officials had since adopted enhanced security controls that exceed federal requirements. The SEC also accepted all of the report’s recommended fixes.
The Commission in February ended the requirement to supply users’ names, addresses and years of birth into the CAT.
The report’s findings come as Elon Musk’s Department of Government Efficiency, which has drawn Democrats’ ire over its access to sensitive government data, is in the early stages of accessing SEC systems. SEC officials say this will be subject to conditions.
In 2012, the SEC mandated the creation of the CAT as a response to the so-called “flash crash” of two years earlier, when a sudden plunge on major Wall Street indices temporarily erased nearly $1 trillion in market value.
The CAT, which is operated by the Financial Industry Regulatory Authority, an industry-funded self-regulatory organization overseen by the SEC, began operating in phases starting in 2020.
It contains transaction and customer data using anonymous identifiers and ID numbers. As of last year, more than 200 SEC staff members had access to it, according to the report.
Officials have cited CAT data in the prosecution of an alleged $47 million front-running scheme, the exposure of alleged fraudulent trading and a review of the 2021 GameStop fiasco.
(Reporting by Douglas Gillison; Editing by Joe Bavier)
Comments