Nasdaq confirms its network was hacked

The tech-oriented Nasdaq stock exchange has confirmed that its network has been hacked and its customers have been notified.

In a written statement to the Wall Street Journal (WSJ) Nasdaq said it had discovered some malware files installed on a part of its network called Directors Desk – a system designed to allow company boards to store and share documents.

"The files were immediately removed and at this point there is no evidence that any Directors Desk customer information was accessed or acquired by hackers," the statement said.

"Our trading platform architecture operates independently from our web-facing services like Directors Desk and at no point was any of Nasdaq OMX's operated or serviced trading platforms compromised."

The investigation was initially started by the US Secret Service, but has been taken over by the FBI.

People familiar with the matter have confirmed to the WSJ that "so far the perpetrators appear to have just been looking around."

Motives behind the attack are still uncertain, but investigators are not ruling out unlawful financial gain, theft of trade secrets and a national security threat designed to damage the exchange.

Exchanges and traders have confirmed that business will continue as normal with Nasdaq, but the announcement is likely to raise concerns among companies either listed or considering listing with Nasdaq.

"Recent information security breaches reflect a worrying trend of very targeted hacking. Hackers have business heads in their sights as it gives them access to the most sensitive information, such as intellectual property and investment plans," said Paul Hanley, information security director at KPMG.

"Such sensitive information requires encryption or other protection, and all businesses need to start at least discussing the wider implementation of such security tactics," he added.

"Prevention, monitoring and detection are key stages to securing business systems but immediate response is imperative as soon as a breach becomes apparent. Policies and procedures need to be put in place now to investigate attacks, and to shape necessary communication with investors, stakeholders and, in some cases, the public.

"Information security attacks are a very real threat – they happen daily and just because a business or a business leader was not on a hacker's radar yesterday does not ensure safety today."