Senators ask Wall St. watchdog to review cyber breach disclosure rules

WASHINGTON (Reuters) - A group of senators on Monday asked Wall Street’s top watchdog to review and potentially update its rules governing when public companies should disclose cyber breaches, amid heightened concerns over the threat hackers pose to the financial system.

The request sent in a letter by members of the Senate Banking Committee to U.S. Securities and Exchange Commission (SEC) chair Jay Clayton follows a cyber attack on consumer credit reporting bureau Equifax Inc EFX.N and as the SEC itself faces questions over the breach of its corporate filing database.

Clayton, who on Tuesday will be quizzed by Senators over how hackers were able to access non-public information in its EDGAR database in 2016, has said he considers cyber security to be a top priority for the agency.

“Given your statements, the Equifax breach as well as the increased threat posed by cyber breaches and attacks, we ask you to have the SEC’s staff review whether the 2011 guidance ... regarding disclosure obligations relating to cyber security risks and cyber incidents should be updated,” the committee asked Clayton in the letter.

The hack into Equifax’s systems put data on up to 143 million customers at risk. The company disclosed the breach more than a month after it learned of it on July 29.

The SEC 2011 rules, which require listed companies to disclose breaches if they are material, have been criticized by lawyers and investors as too vague. On Friday, global investor group Investment Company Institute told Reuters disclosure rules for both companies and public sector bodies should be stricter.

Reporting by Michelle Price; Editing by Susan Thomas