A top U.S. financial regulator faces questions about its preparation for cyber attacks, after disclosing a breach of its database of company filings.
The incident is surely an embarrassment for Clayton, who has made cybersecurity a top priority since taking helm of the agency in May.
The Equifax breach, which focused on a database that contained the personal information of 143 million Americans, focused attention on the vulnerabilities of private companies that handle sensitive personal financial information.
The SEC has said it was investigating the source of the hack but it did not say exactly when it happened or what sort of non-public data was retrieved.
"Edgar houses millions of filings that companies are required to submit to the SEC so that they can be perused by investors", as noted by Bloomberg. The SEC hasn't said what kind of information was stolen, which companies may have been affected, or if hackers made a profit.
However, it was not until August 2017 that the agency realised criminals may have used the hack to give themselves an advantage on the stock market.
Clayton said that intrusions were a reality in the current environment.
SEC Commissioners did not learn of the breach until recently.
Clayton said that the intrusion "may have provided the basis for illicit gain through trading".
Clayton is due to testify to the Senate Banking Commission next week, which should provide further information about the hacking.
"Information has become one of our country's most valuable resources, and control of that information comes with significant responsibility", Warner said.
"There is an element of, "Do as we say, not as we do" to this", said Matt Rossi, a former counsel in the SEC's enforcement division.
Although the problem was nearly immediately patched in 2016, it's noteworthy that the regulator only became aware that the glitch could have provided the basis for "illicit gains through trading" last month. With the public and lawmakers still reeling from Equifax's breach, the SEC intrusion is nearly certain to trigger additional questions over whether the USA government can do more to protect data.
The organization notes that a hack into its system that took place in 2016.
In July, months after the breach was detected, a congressional watchdog office warned that the Wall Street regulator was "at unnecessary risk of compromise" because of deficiencies in its information systems.