The proper handling, management and protection of confidential information continues to be a major risk management issue facing companies, their executives, employees, and the boards that oversee them. (See our previous post Risk Management in a Digital World – Addressing Cyber-Security Threats at the Board Level, dated January 9, 2015). Recently, the Securities and Exchange Commission (the “SEC”) commenced a civil complaint against over 30 individuals and firms from around the world that are alleged to have stolen 150,000 confidential press releases of publicly-traded companies from several newswires services’ computer systems. At the time the press releases were stolen they had not yet been released to the public. At least one of the hacked newswire services is based in Toronto. Criminal charges, including various fraud and conspiracy charges have been brought by US Federal Prosecutors in New York and New Jersey against several of the individuals alleged to have been involved with the scheme.

The confidential press releases, allegedly stolen by Ukrainian hackers were shared with traders in the United States and Europe, who traded on the non-public information and in turn made profits of over $100 million over a five year period.

Additional Complexity in the Detection and Enforcement of Insider Trading

This recent case highlights the increasing complexity facing securities regulators in their efforts to combat insider trading. As we have previously discussed in earlier blog posts, prosecutions of more traditional forms of insider trading have proven challenging for regulators in Canada and in the United States. The risks and dangers presented by cybercrime both at a local and global level add additional challenges that will have to be met by securities regulators in their enforcement of insider trading and other securities laws, particularly given the untraditional source of the information alleged to have been misused in these instances. Securities regulators will have to work with corporations, newswire services, and those charged with the safeguarding of confidential information, in remaining vigilant in the prevention and detection of securities related cybercrimes.