When I talk to some people, their first comment is “we are no one special, who would want to steal our stuff?”
The news today is an example of who and why. The Justice Department announced charges against 9 defendants for breaking into several press release services and stealing information before it became public. They would then execute stock trades to their advantage, leveraging the change in stock prices that occurred when the embargoed news releases come out.
There are a number of players in this game – the companies who created the news releases, the press release services, the hackers, the mules the hackers used to run the trades and the rest of the shareholders, to name a few. Potentially – and that is a big if – they all could be involved in litigation. Both the company and the news service for not doing a better job of protecting the information. The hackers and their mules for breaking the law and the remaining shareholders who could claim that they were adversely affected by the stock price manipulation. After all, if the hackers made a hundred million, what about the legitimate shareholders.
All will likely be on one side or the other of one or more lawsuits. Lawsuits that, besides the potential of an expensive verdict against them, take time, cost money and distract people from their primary business purpose.
The U.S. Attorney for New Jersey who announced the indictments said the 9 people mentioned above made $30 million off this scheme and another 23 people brought the total netted from this up to around $100 million.
PR Newswire, one of the firms that was hacked over that five year period, will have to explain how come they did not do more the kick the hackers out and keep them out. Apparently, they knew at some level that the hackers were in their systems and thought they kicked them out. Given they knew they had been hacked, did they “up their game” to make sure that the hackers were really out? Also, it is unclear if they notified their customers when they discovered hackers in their systems in the past. While there may not be any legal requirement to do that, their could be a contractual requirement.
From the company’s side, they are going to have to explain and justify their process for vetting their vendor’s security. For many companies, the process is “What process?” Given their vendor is at the center of a big mess, the company is likely to get dragged in.
The hackers and mules will face a variety of charges including identity theft, wire fraud and money laundering, among others.
The stockholders will likely sue the companies saying that they were damaged due to this insider trading.
And, since publicly traded stocks are involved, the Securities and Exchange Commission is involved and will likely contribute to the time lost.
So the next time you say “who me”, consider these companies (tens of thousands of press releases were stolen). All they wanted to do is simplify the process of distributing press releases and now, for years to come, they are going to be distracted by legal proceedings.
Information from this post came from Dark Reading.