• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

SEC Files Complaint Against Hacker, Traders in EDGAR Data Breach Case

January 18, 2019 By Privacy & Data Security Team

The Securities and Exchange Commission has filed a Complaint against eight traders, one alleged hacker, and others, in connection with a previously disclosed cybersecurity attack that infiltrated the SEC’s EDGAR system in 2016.  The Complaint brings claims for violations of federal securities and antifraud laws and unjust enrichment, and seeks injunctions against future securities law violations as well as disgorgement, prejudgment interest, and civil penalties.

The Complaint alleges that in 2016, a Ukrainian hacker infiltrated the EDGAR system and extracted “test files” containing non-public information, such as quarterly earnings reports, and then passed the information to traders, who traded on material, non-public information derived from the stolen test files.  The defendant-traders include two California traders as well as traders in Russia and Ukraine.  According to the Complaint, these defendants collectively traded in advance of at least 157 earnings releases between May and October 2016, generating more than $4 million in illegal profits.  The majority of the defendants were also alleged participants in an earlier phase of the hacking scheme involving newswire services, which edit and disseminate press releases for publicly-traded companies in the United States.  The Complaint does not identify by name the specific issuers whose stock was subject to the EDGAR data breach and subsequent insider trading.

The SEC’s Complaint demonstrates the agency’s interest in pursuing those responsible for the 2016 data breach while also focusing on the cybersecurity practices and disclosures of the companies it regulates. The SEC’s press release notes that parallel criminal charges have also been filed.

Filed Under: Cybersecurity, Data Breach Tagged With: Securities and Exchange Commission

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • European Commission Adopts Draft UK Adequacy Decision
  • NYDFS Issues Best Practices for Cyber Insurance Risk Management
  • Fifth Circuit Decision Raises Cyber Enforcement Complications for the U.S. Department of Health and Human Services
  • Virginia Ready to Pass First State Privacy Statute after CCPA
  • The EDPB-EDPS Joint Opinion on Data Processing Standard Contractual Clauses: Key Takeaways
Copyright © 2021 · Alston & Bird · All Rights Reserved. Privacy.