The U.S. Securities and Exchange Commission database that was hacked is decades old, former SEC attorney Scott Kimpel told CNBC on Thursday.
The country's top regulator said on Wednesday it discovered last month that its corporate disclosure database was breached in 2016. It is currently investigating the matter, which may have resulted in hackers profiting by trading using insider information stolen from the system.
Kimpel said there are various security systems that are put in place in the SEC's database.
However, "you are dealing with a system that really was built in the 1980s and has been updated through patches over the last three decades," he said in an interview with "Power Lunch."
"Certainly a sophisticated threat actor, be it a nation-state or organized crime or some other person with those sort of inclinations, could very easily find ways into the system."
However, former SEC counsel Bradley Bondi told "Closing Bell" he was very surprised by the intrusion given the tight security in that part of the SEC's system.
"What happened here was the equivalent of a hacker going into Fort Knox and stealing some gold bars," he said.