The Securities and Exchange Commission has filed a Complaint against eight traders, one alleged hacker, and others, in connection with a previously disclosed cybersecurity attack that infiltrated the SEC’s EDGAR system in 2016. The Complaint brings claims for violations of federal securities and antifraud laws and unjust enrichment, and seeks injunctions against future securities law violations as well as disgorgement, prejudgment interest, and civil penalties.
The Complaint alleges that in 2016, a Ukrainian hacker infiltrated the EDGAR system and extracted “test files” containing non-public information, such as quarterly earnings reports, and then passed the information to traders, who traded on material, non-public information derived from the stolen test files. The defendant-traders include two California traders as well as traders in Russia and Ukraine. According to the Complaint, these defendants collectively traded in advance of at least 157 earnings releases between May and October 2016, generating more than $4 million in illegal profits. The majority of the defendants were also alleged participants in an earlier phase of the hacking scheme involving newswire services, which edit and disseminate press releases for publicly-traded companies in the United States. The Complaint does not identify by name the specific issuers whose stock was subject to the EDGAR data breach and subsequent insider trading.
The SEC’s Complaint demonstrates the agency’s interest in pursuing those responsible for the 2016 data breach while also focusing on the cybersecurity practices and disclosures of the companies it regulates. The SEC’s press release notes that parallel criminal charges have also been filed.