KARACHI: The perception or suspicion of leakage of confidential information, which made headlines last week, has stirred a hornet’s nest.

Although the timing of the incident goes back more than four years to 2008, there are concerns of whether it had anything to do with the events that led to the great fall of the KSE, which had wiped out more than half of the investors’ capital and caused an unprecedented turmoil.

Most knowledgeable people believe that the Pakistan stock market suffered due to the impact of the global equity market meltdown. That having settled the next big question that remained unanswered was: Did some unauthorised people have access to confidential information/data and profited by it?

Zafar Abdullah, Commissioner Securities Market Division, told Dawn on Monday: “SECP is closely monitoring the allegations of misuse of trading data by the employees of stock exchanges and has instructed the management of KSE to share the results of investigations as soon as the same is concluded and the names of person(s) who have benefited from the leakage of the confidential information.

“On the basis of the investigation report, stern action, in accordance with the law, will be taken against any person found to be involved in any sort of unauthorised use or misuse of the trading data/confidential information.”

But the KSE has already denied any wrongdoing. “The management of KSE emphatically states that no information security breach exists in the exchange,” the KSE had responded in a written statement on the matter.

It explained that the management received information in Aug 2013 alleging that in 2008 some IT personnel had access to KSE’s IT system during that period. Immediately upon receipt of this information management informed the board and which appointed outside forensic specialists to investigate the allegations. The relevant regulators were also informed of those developments.

A forensic report was submitted to the board by the outside consultants in Dec 2013. The report did not find any evidence of leakage of trading data.

Based on the findings of the report and recommendations of the consultants, certain vulnerabilities identified in the KSE network related to e-mail servers were immediately rectified, along with additional security measures put in place to protect the exchange’s IT data and network infrastructure as recommended by the consultants.

The management also removed from service several IT staff as they were deemed to have acted inappropriately with respect to not following operational procedures.

The board also constituted a group consisting of outside forensic specialists and senior management personnel of the bourse to further investigate and ascertain if there was any actual leakage of propriety and/or confidential information due to past vulnerabilities identified by the consultants, which have already been rectified.

This internal enquiry is ongoing and its findings will be reported to the board in due course.

“The KSE is extremely cognizant of the sensitive nature of data within the exchange’s IT and operational systems and has in place information access matrix requiring several levels of authorisations to access data relevant to the normal functioning of specific departments,” the management statement said, and added that no one including the managing director had access to live data and even the Surveillance department can access data after due authorisation on a minimum T+1 basis while the SECP itself receives data feeds at end of the day only since 2011.