The Most Comprehensive Data Protection Solution

Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.

First and Only Solution to Converge:

  • Data Loss Prevention
  • Endpoint Detection and Response
  • User and Entity Behavior Analytics
DATAINSIDER

Digital Guardian's Blog

Ex-SEC Employee Took Data to Land New Job

by Chris Brook on Monday October 28, 2019

Contact Us
Free Demo
Chat

The DOJ says a former SEC examiner stole information from the government agency to help him land a chief compliance officer gig at a firm he was investigating.

As we’ve learned time and time again, when abused, having privileged access at an establishment, be it a government organization or a successful enterprise, can give anyone a leg up when it comes time to leave that job.

We saw the latest instance of this last week after a former Securities and Exchange Commission employee was indicted for taking proprietary data to land a new gig at a firm he was investigating.

When Michael Cohn, previously a securities compliance officer at the agency left the SEC in 2018, he purportedly left with sensitive data on GPB Capital Holdings, a New York investment firm he’d wind up joining just four days later.

Cohn, who joined the private equity firm as a managing director and chief compliance officer in October last year did so after accessing data on SEC's Enforcement Division servers that he wasn't authorized to access. The servers contained information - much of it confidential, relating to privileged attorney-client work product - on an ongoing investigation into GPB.

According to the United States Attorney's Office of the Eastern District of New York, which unsealed an indictment last week, when Cohn was angling for the job at GPB, he told employees there he had "insider information about the SEC's investigation." Cohn even went on to disclose some of that information to some of the firm's senior management, the indictment alleges.

“The defendant abused the trust placed in him as an SEC employee,” Brooklyn U.S. Attorney Richard Donoghue said Wednesday. “No one gets a pass for breaching the security of government computer networks and misusing sensitive and confidential information for their own benefit.”

Cohn, who has since deleted his LinkedIn account, could face as many as 20 years in prison on an obstruction of justice count, five years on an unauthorized computer access county and another year on an unauthorized computer disclosure count.

The indictment (.PDF) doesn't detail exactly how Cohn accessed the data on SEC servers, like whether he technically had permission to access files and folders or if he bypassed protections enacted by the U.S. government agency.

GPB, upon learning of the news, relieved Cohn of his duties. The firm, which took little time removing Cohn's name from its ‘Our Team’ section of its website, along with a January 2019 press release about Cohn joining the firm, oversees $1.5 billion in assets.

The firm is currently being investigated by the FBI and the Financial Industry Regulatory Authority (FINRA) in addition to the SEC for failing to produce audited financial statements for its funds. In August, Berger Montague, a class action and civil litigation law firm also said it was looking into wrongdoing and potential fraud at the firm in connection with its accounting and the value of its private placements.

Wall Street image via Enrique Dans, Flickr Creative Commons

Tags: Financial Services

Recommended Resources


  • Why Data Classification is Foundational
  • How to Classify Your Data
  • Selling Data Classification to the Business
  • How to simplify the classification process
  • Why classification is important to your firm's security
  • How automation can expedite data classification

Chris Brook

Chris Brook is the editor of Data Insider. He is a technology journalist with a decade of experience writing about information security, hackers, and privacy. Chris has attended many infosec conferences and has interviewed hackers and security researchers. Prior to joining Digital Guardian he helped launch Threatpost, an independent news site which is a leading source of information about IT and business security for hundreds of thousands of professionals worldwide.