According to a government complaint, a hacker and his associates spent six months rooting around the SEC’s corporate-filing system. The disclosures of how the hack worked is a black eye for the agency, which is itself responsible for policing companies’ cyber defenses.