ISLAMABAD: The Securities Exchange Commission of Pakistan on Thursday decided to initiate all legal resources against those involved in unauthorized access of companies data.
According to the details, recent posts on social media relating to reports of companies data being stolen, SECP has clarified that the company registry represents public information, and is available to the general public by paying necessary fees under the law.
In addition, certain information is publicly available on our website for the general public’s review, in line with international best practices of corporate registries, the SECP said in a press release.
It was recently identified that an incident involving web scraping of the data available at SECP’s website had taken place, as a result of which an unauthorized data extraction was performed. Following this incident, certain data has been copied and published without authorisation. All the fields of data published are available under Form-A and Form-29 upon payment of a fee.
Owing to the nature of the access, as soon as the matter came to the commission’s notice, XML tags were restricted immediately. To further strengthen the API protection, requisite modifications have been put in place.
Furthermore, until a complete vulnerability assessment and penetration testing is completed, company name search available on the SECP website has been temporarily suspended.
Simultaneously, SECP is initiating all legal recourses against those involved in this unauthorized access.
The SECP has attended to this matter with utmost urgency and will continue to ensure the integrity of its systems and data at the highest standards, the press release said.