The United States Securities and Exchange Commission announced today that it is bringing charges against a Ukranian hacker for breaking into the agency's corporate filing system to access nonpublic information. The SEC is also charging a number of individual traders and entities who used that information to generate more than $4.1 million on illegal trades. The Attorney's Office for the District of New Jersey announced it will be bringing related criminal charges.
According to the SEC, the hacking scheme started in 2016 when 27-year-old Ukrainian hacker Oleksandr Ieremenko allegedly broke into the agency's EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system, which houses corporate filings including upcoming earnings reports from publicly traded companies. Ieremenko and a number of domestic and overseas traders are accused of accessing 157 earnings announcements before the information was made public and using those filings to make trades. The hacker had access to EDGAR from May 2016 and October 2016 and reportedly obtained thousands of documents during that time.
The SEC first publicly acknowledged the breach in 2017. While the agency patched the security hole that allowed the hacker to gain access to the database, internal evaluations of the SEC's security showed the agency was aware of potential security weaknesses for years before the hack occurred.