The SEC systems (and those of other Fed Agencies) were vintage 1980's and remain vulnerable.
Few people seem to realize that their PII (personal identifying information) has been stolen and widely dispersed. The only group that is not deeply penetrated is the young and unemployed who do not file tax returns.
Financial institutions are way ahead of this problem with advanced fraud protection systems and multiple dual authentication systems. Of course, these systems flowed in response to losses that the banks took in the '90's and early 2000's. I can't remember the last time one of my bank clients complained about a penetration/loss.
This is precisely why the response to the loss of data by $EFX has been so over blown. (I am not saying that $EFX was not culpable - just that the damage of the failure is not substantial. The thieves already had most of this info and the evolution of the financial systems is ahead of the problem. Even the IRS now issues/and updates PIN's for filing returns.)
ij
It is astonishing what foolish things one can temporarily believe if one thinks too long alone ... where it is often impossible to bring one's ideas to a conclusive test either formal or experimental. J.M. Keynes
