The Securities and Exchange Commission, the top U.S. markets regulator, disclosed on Wednesday evening that hackers had infiltrated its database that stores public company financial filings, potentially allowing intruders to trade on inside information.
Jay Clayton, the SEC’s chairman, said in a statement that the agency first detected the breach a year ago. In August, he said the SEC learned additionally that it “may have provided the basis for illicit gain through trading.”
To gain entry, the hackers exploited a software vulnerability in the agency’s EDGAR system—short for “electronic data gathering, analysis, and retrieval” system—where companies submit their financial filings online. The security hole “was patched promptly after discovery,” Clayton said.
“We believe the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” Clayton said.
Get Data Sheet, Fortune’s technology newsletter
The SEC said it is investigating the matter and is cooperating with law enforcement.
“Effective management of internal cybersecurity risk is critical to the SEC achieving its mission and to protecting the nonpublic information that is entrusted to this agency,” said Michael Piwowar, SEC Commissioner, in a separate statement.
