SEC Edgar Phishing Hack of 2016 Netted $4m

A global insider trading scheme made $4.1m in illegal profit by hacking Edgar, the US Securities and Exchange Commission’s (SEC) corporate filings system, in 2016.

Nine defendants have had civil charges filed against them including Oleksandr Ieremenko, a Ukrainian hacker, six traders in California, Ukraine and Russia, and two other entities. Ieremenko and another alleged hacker, Artem Radchenko, also face criminal charges from the New Jersey Attorneys Office.

The hackers exploited a software vulnerability to access 157 earnings releases, and passed this non-public information that companies had filed with the US securities regulator to the traders. SEC took eight months to disclose the hack, falling short of its own guidance to public companies to report an intrusion to authorities within a week. The criminal charges claim that the alleged hackers sent emails to SEC staff that appeared to come from their colleagues at the agency, known as “phishing”. This allegedly allowed them to install malware on SEC computers to steal the information that helped access the corporate filings.