The US financial services regulator has charged two former employees of financial services firm Capital One with insider trading after they allegedly mined customer transaction data.
The Securities and Exchange Commission (SEC) filed a lawsuit against the two former Capital One data analysts, accusing them of using non-public data to trade in the shares of consumer retail companies before financial results announcements.
The lawsuit alleges that for about 14 months the analysts, who had access to the data as part of their jobs as credit card fraud investigators, searched for information about listed companies.
“The defendants searched their employer's non-public database that recorded the credit card activity of millions of customers at numerous, predominantly consumer retail corporations,” said the SEC.
“The complaint further alleges that, in a breach of their duty to their employer, the defendants made profitable securities transactions on the basis of this material, non-public information, in advance of the public release of quarterly sales announcements by these companies,” added an SEC statement.
Read more on cyber crime
- Insider fraud detection and prevention
- Banks must prepare for state-sponsored cyber crime, says Bank of England
- Banks play down cyber attack levels
The SEC said the analysts made $2.83million through share trading.
Financial services companies spend large sums of money protecting themselves against external cyber criminals, some of which are state sponsored, according to the Bank of England. But firms cannot afford to overlook the risks inside and must implement network monitoring tools.
Data is very valuable to businesses and can be lucrative for criminals, particularly in the finance sector. Insider threats normally have all the permissions needed to copy, print, move, email and use company data to perform their everyday work. Increasing automation makes it more difficult to visually identify fraudulent activity when it occurs.