The U.S. Securities and Exchange Commission (SEC), the country’s top markets regulator, said on Wednesday hackers may have illegally profited by trading using insider information stolen from its corporate disclosure database.

The regulator said the incident took place in 2016 but that it had only detected the breach of its EDGAR system last month and that it was investigating the matter.

The hackers exploited a software glitch in the test filing component of the system to gain access to non-public information, the agency said.

EDGAR houses millions of documents that companies are required to file to the SEC so that they can be accessed by investors.

Although the SEC “promptly” patched the vulnerability after detecting it in 2016, the regulator only became aware last month that the glitch “may have provided the basis for illicit gain through trading”, it said.

“It is believed the intrusion did not result in unauthorized access to personally identifiable information, jeopardize the operations of the Commission, or result in systemic risk,” the SEC said, adding that it was also liaising with the relevant authorities without naming them.

The incident will stoke growing fears over the threat hackers pose to the integrity of the financial markets and listed companies, after Equifax, the credit data reporting giant, disclosed this month hackers had stolen data on more than 143 million customers.

Reuters also reported earlier this year that hackers had successfully managed to manipulate penny stocks by illegally gaining access to brokerage accounts.