Raising new concerns over security at exchanges, Nasdaq OMX says hackers have infiltrated its computer systems, gaining access to highly confidential data on publicly listed companies.
The operator of the Nasdaq Stock Exchange said it found "suspicious files" on its computer servers, in a Web application called Directors Desk which is used by members of corporations' boards of directors who want to share information and files.
Nasdaq said there was no evidence that its trading platforms had been compromised.
According to the Wall Street Journal, the FBI and outside forensic companies are conducting an investigation with the help of securities regulators.
While the area hacked into isn't a 'core business', the incident should raise concern at other exchanges and financial firms, says Sang Lee, managing partner at Aite Group.
The infiltration will deal a new blow to investor confidence, already shaken by the May 6 Flash Crash.
"Especially as an exchange, Nasdaq is taking it seriously and addressing the issue. I don't think there is a short term implication, but it does raise overall market awareness of security problems," Lee adds, noting that the hacking should lead all exchanges to reassess their security policy.
None of the hacked files have been leaked - so far. While it is difficult to say what the hackers' real intentions were, some industry insiders say the real targets of hackers could be the top executives of corporations using the "Directors Desk" product rather than Nasdaq itself.
"What seems most likely is that the web servers were compromised in an attempt to use them to inject malicious software into their clients," commented one reader of the nakedsecurity.sophos.com blog.
This would be similar to the "Operation Aurora" attacks reported by Google in January 2010, which reportedly compromised almost 3000 corporations, the security blog noted.
Still, one of the major fallouts from this incident is likely to be that exchanges and financial firms will reassess next-generation business models such as open source and cloud computing, suggests Aite's Lee.
The Nasdaq incidence comes as officials at the London Stock Exchange and UK security services are investigating a possible breach of its open-sourced trading platform, according to a report published last month in the Times of London.
Officials believe that the LSE hack attack occurred last year and may have been responsible for a UK Flash Crash late last summer.
"[The use of cloud computing and open source] have been relegated by firms to areas that are not core businesses. But after this incident, all the main businesses may look at whether or not that type of open source environment has made it easier for people to hack into. It may not be the case. As far as I understand it, if hackers put in the hours, they can hack into [any] system. But has open source made it easier? Firms will be looking into that."