In an October 7 letter to SEC employees, Chief Information Officer Thomas Bayer said a contractor that runs the computer system for the staff ethics compliance program shared names and account numbers with a subcontractor without the SEC’s permission, in violation of the contractor’s agreement, according to a report by Reuters.
The ethics compliance program was put in place to guard against insider trading by SEC employees after the agency’s inspector general raised concerns about the issue, the report noted.
"We are not aware of any actual misuse of the data. Nevertheless, it is the SEC's policy to provide notification of any incident that presents the potential for unauthorized access to personal information”, Bayer wrote in the letter quoted by Reuters.
According to the letter, the Office of Information Technology initiated a security review in mid-September that discovered the contractor, Financial Tracking Technologies (FTT), had failed to comply with contractual obligations. Bayer said the SEC had directed FTT to "immediately terminate all access to SEC systems" by the unauthorized parties, according to Reuters.
Bayer recommended that employees consider placing a fraud alert on their credit files and offered employees a free year of credit monitoring, the report said.