United States: SEC Charges Several Individuals For Hacking Into EDGAR System

The SEC charged nine defendants for (i) hacking into the SEC's online Electronic Data Gathering, Analysis, and Retrieval ("EDGAR") system to acquire material nonpublic documents and (ii) trading on that information. Those charged included a Ukrainian hacker, six individual traders in California, Ukraine and Russia, and two entities.

According to the SEC Complaint, the Ukrainian hacker and several of the traders were previously involved in a similar scheme to hack into newswire services and profit by illegally trading on material nonpublic information contained in the pre-releases. The SEC charged the hacker and other traders for that conduct in 2015.

The Complaint alleges that the Ukrainian hacker made false statements and utilized multiple deceptive techniques to acquire thousands of nonpublic "test filings" from the SEC's EDGAR system's servers. Some of the test filings contained material nonpublic information, which allegedly was then sent to the traders, who used it to place securities trades prior to the information being publicly released.

According to the SEC, the traders then "monetized the information by purchasing or selling short the relevant securities" and reaping gains from the market reaction after the information was sent to the public. The traders then allegedly "kicked back" a part of the trading profits to the Ukrainian hacker. The Complaint claims that the scheme reaped over $4 million in ill-gotten gains from trading on the material nonpublic information contained in the EDGAR "test filings."

The SEC requested that the Court enter Final Judgments ordering defendants to, among other things: (i) "disgorge, with prejudgment interest, all illicit trading profits, avoided losses or other ill-gotten gains received by any person or entity" due to the alleged actions, and (ii) pay civil penalties.

In a parallel action, the DOJ filed related criminal charges against the Ukrainian hacker and one of the traders based in Russia.

Commentary

This case stands out for the brazenness of the scheme and is an important reminder of the risks that hackers pose to companies and the market. It is also an example of the SEC's increased capability to analyze trading data and track down the perpetrators of sophisticated schemes.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.