On January 15, the Securities and Exchange Commission announced charges against nine defendants, alleging their participation in a previously disclosed scheme to hack into the SEC’s EDGAR system and extract nonpublic information to use for illegal trading. The SEC charged a Ukrainian hacker, six individual traders in California, Ukraine and Russia, and two entities. In 2015, the SEC charged the hacker and some of the traders for their involvement in a similar scheme to hack into newswire services and trade on material nonpublic information 2015 Hack).
The complaint filed by the SEC alleges that the Ukrainian hacker implicated in the 2015 Hack, turned his attention to EDGAR following the 2015 Hack and, using deceptive hacking techniques, gained access in 2016. The hacker extracted EDGAR files containing nonpublic earnings results. He then communicated those nonpublic earning results to individuals who used the information to trade during the time period between when the files were extracted and when the companies released the information to the public. According to the complaint, the traders acted on the information before at least 157 earnings releases from May to October 2016 and generated at least $4.1 million in illegal profits.
Specifically, the complaint alleges that the hacker circumvented EDGAR controls that require user authentication and then navigated within the EDGAR system. According to the complaint, the hacker obtained nonpublic “test files,” which issuers can elect to submit in advance of making their official filings to help make sure EDGAR will process the filings properly. Issuers sometimes elected to include nonpublic information in test filings, such as actual quarterly earnings results not yet released to the public. The hacker extracted nonpublic test files from SEC servers, and then passed the information to different groups of traders.
The complaint charges each of the defendants with violating antifraud provisions of the federal securities laws and related SEC antifraud rules. The SEC is seeking a final judgment ordering the defendants to pay penalties, return their ill-gotten gains with prejudgment interest, and enjoining them from committing future violations of the antifraud laws. The SEC also named and is seeking relief from four relief defendants who profited from the scheme when defendants used the relief defendants’ brokerage accounts to place illicit trades.
The US Attorney’s Office for the District of New Jersey announced related criminal charges in connection with the SEC action.
In its announcement, the SEC emphasized the prevalence of risk posed to organizations, like itself, possessing valuable information and added that the SEC is committed to, and capable of, unraveling schemes of this sort and identifying their perpetrators.
Both the SEC action and the US Attorney’s criminal case are ongoing. The full press release issued by the SEC is available here.