On December 27, 2016, the Securities and Exchange Commission (“SEC”) announced charges against three Chinese traders who allegedly made almost $3 million in illegal profits by fraudulently trading on nonpublic information that had been hacked from two New York-based law firms. This is the first action in which the SEC has brought charges in connection with an incident involving hacking into a law firm’s computer network.

The charges stem from allegations that the traders used malware to hack into the law firms’ networks and steal confidential information relating to clients’ potential M&A transactions from firm email accounts. The traders then allegedly used the stolen information to purchase shares in several public companies ahead of announcements about those companies entering into merger agreements.

Antonia Chion, Associate Director of the SEC’s Division of Enforcement, noted that the action “serves as a stark reminder to companies and firms that your networks can be vulnerable targets.”

The U.S. Attorney for the Southern District of New York is bringing criminal charges against the traders.