CME swaps reporting unit suffered data breach

[Erica Absetz <erica () riskbasedsecurity com>]

http://www.efinancialnews.com/story/2013-04-23/cme-swaps-reporting-data-breach?mod=sectionheadlines-IB-AM

DE Shaw was one of scores of firms affected by the data leak at CME's
derivatives data repository, said people familiar with the matter. The
hedge fund was notified when CME confessed to the mishap, saying it
had temporarily exposed the identity of parties that had traded in
derivatives called swaps, the people said.

The CME experienced a bug that "permitted a small number of market
participants" to see the trades of other participants on Monday April
1, said a spokesman for the Chicago company. About 500 swap
transactions tied to agriculture and energy prices out of a total of
nearly one million "were mistakenly disclosed," he said.

"We regret this incident occurred as maintaining the confidentiality
of market participant data at all times is vital to the operation of
our markets and systems," he said.

CME discovered the hitch when third parties called to clarify why they
had access to information that was supposed to be anonymous, said
people affected by the breach.

The data leak is the latest blow to a real-time transparency mandate
for swaps that came into effect in January in the US, but has so far
underwhelmed derivatives industry practitioners. Previous to this
year, such data had been disclosed only to regulators.

Some analysts have said the new price and volume data available for
swaps won't give regulators what they need to prevent a financial
crisis; others question its usefulness, considering that many traders
already pay for pricing tools and consultants.

One trader, who spoke on the condition of anonymity, said the data
breach was disturbing. "It makes you wonder what else is hanging out
there," the person said.

Swaps are used by companies, hedge funds and others to protect against
price moves in everything from interest rates and bonds to the cost of
jet fuel. The new transparency rules took effect in January amid
federal efforts to seek better disclosure in the $639 trillion swaps
market. The goal of the Commodity Futures Trading Commission, which
wrote the rule, was to make the swaps market safer and bring it onto a
level playing field with openly reported securities and futures
trades.

So far the reporting hasn't been perfect; among the hitches are
routine delays and non-standardised labelling of positions. But
certain data, including parties trading, are not meant to be disclosed
because the rule provided for counterparties to be anonymous.

Rival providers of swap data repositories include Atlanta exchange and
clearinghouse operator IntercontinentalExchange and New York's
Depository Trust & Clearing Corp., a utility controlled by major
dealers. CME recently agreed to waive fees for its reporting service
through September 30 2013.
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://datalossdb.org/mailing_list

Supporters:

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security equips organizations with security intelligence, risk
management services and on-demand security solutions to establish
customized risk-based programs to address information security and
compliance challenges. 

Tenable Network Security (http://www.tenable.com/)
Tenable Network Security provides a suite of solutions which unify real-time
vulnerability, event and compliance monitoring into a single, role-based, interface
for administrators, auditors and risk managers to evaluate, communicate and
report needed information for effective decision making and systems management.