Consumers’ angst over the security of sensitive financial data isn’t getting much help these days. Two weeks ago, one of the big three credit bureaus, Equifax, reported hackers had accessed the personal information of more than half of the adult population in the U.S. On Wednesday, it was the Securities and Exchange Commission announcing its systems had been breached — back in 2016.
The SEC, a government agency created during the Great Depression to oversee all financial markets, revealed in its statement that hackers last year exploited a software vulnerability in its Electronic Data Gathering, Analysis and Retrieval (Edgar) computer system. This gave the hackers access to nonpublic information about publicly traded companies.
What does this hack mean to individual investors? The short answer is, probably not much. But that doesn’t mean they should ignore the details of this incident.
The longer answer
If you were active in the market at the time of the hack, it’s possible the prices of your investments were affected by people with nefarious intentions.
Unfortunately, this is not a new phenomenon. There may be more tech-savvy means now, but people have traded on nonpublic information — what’s known as insider trading — for more than 100 years. (In recent years, Martha Stewart was famously accused of insider trading.)
And yes, that’s bad. But exactly how worried should individual investors be? Below, four of NerdWallet’s investing and personal finance writers weigh in on what this breach really means:
Dayana Yochim: This is making headlines right now because it falls so closely on the heels of Equifax’s major data breach. But it’s different — way different. Here we’re not talking about individual consumer files and personal information.
Anna-Louise Jackson: Yes, unlike with Equifax — in which hackers were able to access the personal information for about 143 million Americans — this latest incident doesn’t directly affect consumers’ data. The agency said the breach “did not result in unauthorized access to personally identifiable information.”
The more likely victims here, if any, are short-term traders who are in and out of the market all the time — as opposed to long-term owners of stock.
James Royal: SEC Chairman Jay Clayton said the breach “may have provided the basis for illicit gain through trading,” meaning the agency still is investigating whether hackers used information accessed illegally to make trades. But that word “may” is key: This probably is a wait-and-see story. That, along with the kind of information contained in these types of documents, should put you at ease this isn’t another Equifax-like hack.
AJ: The SEC chairman said this hack didn’t result in “systemic risk,” but we also don’t have specifics about what the agency is doing to ensure such hacks won’t happen again — and whether this will affect how information about public companies is disseminated in the future.
Tina Orem: One aspect of this breach is the attention it may call to the age-old debate over whether insider trading is a victimless crime. Does the average investor really suffer from this breach? Perhaps not financially, but in principle?
DY: Yes, it’s entirely possible share prices of companies you own through your 401(k) or IRA may have been affected by hackers. Basically, any individual stock that’s a member of a mutual fund or exchange-traded fund could have a trickle-down effect on your portfolio.
» MORE: What is an IRA?
JR: The more likely victims here, if any, are short-term traders who are in and out of the market all the time — as opposed to long-term owners of stock in businesses — or those holding low-quality companies that might have seen negative news escape illicitly.
What you should be worried about
DY: Even if this particular breach wasn’t harmful to individual investors, that doesn’t mean you should let your guard down. Hate to be the bearer of bad news, but there are plenty of ways individual investors can get scammed. A common one is the “hot stock tip.” Here are a few telling signs the recommendation may not be on the up-and-up:
You’re unfamiliar with the source. “XYZ TradingPro 467J” may be bragging about his awesome returns and his insider insights into some company. But he/she/it could be anyone. Another tell is when the tip comes with an urgent deadline, as in you have to act fast before everyone else finds out about it. Finally, keep in mind that the smaller the stock, in terms of market capitalization, the easier it is for fraudsters to manipulate. Penny stock “pump and dump” schemes thrive because these small companies aren’t as regulated and watched by the big guns as larger ones.
Many professionals advise investing in broad indexes of stocks. That way, you help protect yourself from the risk of a single stock blowing up and potentially derailing your portfolio.
JR: This hack is largely a nonevent for long-term, buy-and-hold-style investors who aren’t planning to sell for five, 10, 20 years or more. If you’re buying individual stocks, you want to own high-quality companies, and you want to own them for years. What happens in 2017 likely will be irrelevant to them in a few years — or sooner.
» MORE: How to dodge stock market scams
AJ: And that’s why so many professionals advise investing in broad indexes of stocks, say through mutual funds or exchange-traded funds. That way, you help protect yourself from the risk of a single stock blowing up and potentially derailing your portfolio. If you’re looking to get diversification without the hands-on approach of selecting individual stocks, ETFs may be worth a look.
» MORE: NerdWallet’s picks for the best brokers for ETF investors
The possible role of funding shortfalls
JR: Congress has been underfunding the SEC for years, even as its responsibilities grow with recent legislation such as Dodd-Frank, which regulates financial firms more. For example, in 2014, Congress slashed the agency’s budget for improvements to IT infrastructure by 50%, or $50 million. It’s hard not to see the connection with subsequent chicanery.
The thing is, properly funding the SEC does not cost taxpayers anything. The SEC’s budget is not financed by tax revenue but rather by fees on financial firms. In fact, underfunding costs consumers more money because the SEC brings in net positive revenue through fines and penalties, helping reduce the budget deficit, ultimately contributing hundreds of millions. SEC leaders have pleaded for years for more funding.
AJ: And it’s not the first time the SEC has been hacked. In 2015, the agency charged 32 people in a scheme to trade on hacked news releases. Fraud, cyber and security alerts were dubbed the “new normal” by executives surveyed earlier this year for a report sponsored by a risk management company. We’ve seen hacks in politics and across a variety of levels, so everyone — the SEC included — probably is susceptible, at some level.
AJ: My takeaway is people shouldn’t needlessly worry about what happened a year ago. Even if someone else profited from ill-gotten information, the impact on your portfolio will be hard to quantify. Investing in the stock market is inherently risky, but there are a lot of ways to manage that risk. You win in the long run with a long-term investing strategy.
JR: It’s usually a good strategy to buy when investors get scared about short-term events that don’t matter to a well-run company’s long-term success. Look for opportunities to buy those good companies on dips when you can and then hold on. Or, as Warren Buffett says, “Be fearful when others are greedy and greedy only when others are fearful.”
More on investing