The statement is part of an ongoing assessment of the SEC's cybersecurity risk profile that Chairman Clayton initiated upon taking office in May. It had a "software vulnerability" that was "exploited and resulted in access to nonpublic information", Clayton said in the statement.
Last week, in response to a reporter's question about the fallout from the recent Equifax hack, Clayton said the agency was working to increase public awareness of the "substantial systemic risks" associated with cybersecurity.
While the "incident" had been detected when it occurred in 2016, an internal audit ordered by Chairman Clayton discovered this August that nonpublic information was disclosed that could have been used by someone to gain an advantage in stock transactions.
Ukrainian hackers, for instance, compromised the networks of agencies such as Business Wire, PR Newswire, Marketwire for five whole years, stealing more than 150,000 news releases (including quarterly financial results) from publicly traded companies before they were made public.
Chris Pierson, CSO at electronic payment provider Viewpost, said the SEC breach was especially significant because the SEC's Division of Corporation Finance "spearheaded the requirement that public entities disclose material cybersecurity risks".
The SEC will continue to investigate the cyberattack and might coordinate with the "appropriate authorities", the statement said.
The commission's disclosure follows hard on the heels of news of a major breach at credit reference agency Equifax that affected 143 million USA consumers.
According to Reuters, the SEC in particular had previously been pulled up by the USA government accountability office for failing to implement an intrusion-detection system properly, and making mistakes regarding things as basic as firewall configuration.
The SEC discussed the 2016 hack in a lengthy statement by Clayton on the agency's cybersecurity efforts.
"It's hugely problematic and we've got to be serious about how we protect that information as a regulator", said Rep. Bill Huizenga, chairman of the House subcommittee on Capital Markets, Securities, and Investment. Banks rely on the information that Equifax and other credit-reporting companies provide in determining whether consumers should get loans.