The Securities and Exchange Commission is investigating the agency’s recently revealed data breach, Chairman Jay Clayton told a panel of senators on Tuesday.
Clayton also said he is looking to hire additional staff to help protect the agency’s network and data, CyberScoop reported.
Clayton fielded questions from the Banking, Housing and Urban Affairs Committee about the SEC breach as well as the Equifax breach that occurred last month.
In a lengthy written statement released last week, Clayton said that the SEC detected a breach into its EDGAR system in 2016. The database houses corporate disclosures that are not always immediately available to the public, meaning it could be used for insider trading.
Clayton told the committee that the breach was made possible by a defect in a custom piece of software used by the independent regulator. While an exact timeline of the breach is unclear, a fix was pushed out to the affected software platform after the issue was first detected, he said.
“The more custom software is the more likely it is to be vulnerable,” Clayton described.
Read more about Clayton’s testimony and the hearing on CyberScoop.