The SEC is warning staffers that their personal brokerage account information may have been compromised, after it uncovered security flaws with an ethics compliance program. Oddly enough, the SEC put the program in place after its internal watchdog raised concerns about possible insider trading among SEC staffers. SEC CIO Thomas Bayer said that the contractor hired to operate a computer program that tracks trades had violated its agreement with the SEC by providing names and account numbers to a subcontractor without permission. In a letter to staffers, he said the agency is "not aware of any actual misuse of the data." The contractor, Financial Tracking Technologies LLC, was selected by the SEC in the second quarter of 2009 to set up the new ethics system. The changes came after the agency's Inspector General, H. David Kotz, issued a March 2009 report alleging that two agency employees possibly engaged in insider trading. Although no civil or criminal actions have resulted from that report, it prompted a major shake-up in how the SEC tracks the trades of its employees. In addition to developing the computer system now the subject of the security breach, the agency also issued new internal rules requiring the preclearance of all trades and prohibiting the trading in securities of any company under investigation. According to the SEC's letter to employees, the Office of Information Technology initiated on September 16 a security review that discovered FTT had failed to comply with contractual obligations. The agency first learned of the possible breach after a former FTT employee came forward with concerns about how the data was being handled. The SEC's IT office found that since June 2009, FTT had engaged one or more consultants and subcontracted with a global technology and business services firm. The SEC said FTT had given those firms access to personal data without notifying or seeking approval from the market regulator. As a result, none of those third parties had been properly vetted. Bayer said the SEC had directed FTT to "immediately terminate all access to SEC systems" by the unauthorized parties. The SEC said employees should consider placing a fraud alert on their credit files. The agency also said it will offer employees a free year of credit monitoring. [Reuters, 10/14/11]