SEC Filings Stolen and Used in $4.1 Million Insider Trading Scheme

by: The Knowledge Group

January 24, 2019


The U.S. Attorney’s Office for the District of New Jersey has indicted two twenty-something Ukrainians for computer hacking and securities fraud.

  • Their target: The U.S. Securities and Exchange Commission.
  • Their scheme: Trading on companies’ private financial information before the details were known in the market.
  • How they attacked: The cyber attacks included phishing schemes and the use of malware to infect SEC computers. When they obtained the information they sought, they uploaded copies to a server in Lithuania. Thus, the Office of International Affairs within the Department of Justice is involved in the investigation.
  • Their haul: Thousands of filings from publicly traded companies submitting to the SEC through its EDGAR system, including preliminary, or test, earnings reports detailing confidential financial information. Such details, when later made public, affect companies’ stock prices, and therefore are treated as highly confidential prior to public disclosure.
  • Their gains: In one instance, a conspirator acquired then sold shares in a company for more than $270,000 in profit. All told, the pair and several other parties were able to affect multiple trades based on inside information in 2016, amounting to $4.1+ million in profit.
Post-Hack Analysis

In October 2016, the SEC found evidence of the breach and closed off the EDGAR filing system to the hackers. The hackers then attempted to get back into EDGAR by sending SEC employees phishing emails designed to look like emails from their co-workers. The phishing attempts continued for months.

But it wasn’t until late 2017 that the SEC figured out the hacked text filings turned into systematic insider trading. Often, fixing a breach is only the beginning part of grappling with the damage when an agency or company is hacked.

Although online fraud cannot be avoided, it can at least be anticipated. The Knowledge Group keeps leaders up to date with regular webcasts featuring experts in the areas of cybersecurity, fraud, and white-collar crime.

Featured Webcast: The SEC’s New Smaller Reporting Company and XBRL Rules: What to Know, What to Do

Date & Time: 02/06/2019 at 12:00 pm – 1:00 pm ET

Credit Total: 1.0 Continuing Legal Education Credit (CLE)