Reuters is reporting that the breach of Nasdaq's Web-based service, called Directors Desk, discovered in October of 2010 and not disclosed until February of this year, was much worse than first thought.
Directors Desk, says an article from the Wall Street Journal from February, "...lets leaders of companies, including board members, securely share confidential documents." At the time, sources close to Nasdaq said that "... as far as they can tell no information from Directors Desk, which is operated separately from Nasdaq's trading platform, was taken or compromised."
However, the Reuters story now says that its sources report that the hackers were able to install malware that allowed them to spy on what was happening at the Directors Desk. What was taken - and what was done with the information - is unknown, as is how long the malware was resident before it was discovered last October.
Nasdaq says that it spends "nearly a billion dollars a year on information security" but even this amount apparently was not enough.
Nasdaq is not commenting on the story by Reuters other than to confirm that the investigation is continuing. I suspect a number of corporate directors are calling Nasdaq today asking them for a fuller explanation of what happened.