Dear Chairman Schapiro,
I write to raise several important concerns about the breach in the network at Nasdaq that was reported this past weekend. As you know, Nasdaq OMX Group has acknowledged that, over the course of the past year, hackers of unknown origin repeatedly tried to break into its network, specifically Directors Desk, a program that allows corporate board members and executives to exchange non-public information. Tech-savvy hackers breaching American exchanges may threaten the savings, pensions, and retirements of middle class families across the country, and it shakes the foundation of our markets that are just beginning to recover.
This disturbing information raises several pressing questions that I request that the SEC follow up on in coordination with other government agencies and private companies that are key in our financial markets. Please provide me with information about what steps are being taken in each of the following areas.
• The steps the SEC is considering taking in coordination with the Department of Justice, Department of Homeland Security, state Attorneys General, and other government agencies as appropriate to conduct a prompt and thorough investigation of the breach in the network at Nasdaq to find out who breached the network and bring them to justice. There must be serious consequences for causing disruptions to financial markets through hacking and cyber-crime.
• Consider investigating the extent to which hacking can disrupt trading platforms, both at Nasdaq and other exchanges as well, and what steps can be taken to prevent that. Although Nasdaq’s trading platform was reportedly not affected by this particular example of hacking, as a member of the Senate Banking, Housing, and Urban Affairs Committee, I have much broader concerns about the implications of this data security breach for market trading and future financial crises. One of the lessons we have learned from past financial crises, including the economically devastating crisis of 2008 and the “flash crash” of last May, is that we should be prepared for the next financial crisis by having regulations and procedures in place for potential market disruptions, even if we do not know what the exact source of that disruption will be. Security breaches by either hackers trying to gain private information for insider trading or terrorists trying to cause market disruptions is a potential source of future financial crises that we should prepare for.
• Finally, consider reviewing what policies, if any, are in place concerning when exchanges and other trading companies are required to publicly report information on security breaches, and what the effects of the timing of such revelations are on both criminal investigations and markets. The Wall Street Journal stated that Nasdaq, for example, decided to make the information about the security breach public only after the Wall Street Journal reported on it, despite the Department of Justice’s interest in the matter.
Thank you for your time, and I look forward to your response.
Cc: Attorney General Eric Holder
Homeland Security Secretary Janet Napolitano