The Most Comprehensive Data Protection Solution
Discover, classify, and protect your data from all threats with the only Gartner Magic Quadrant DLP and Forrester Wave EDR Leader.
First and Only Solution to Converge:
- Data Loss Prevention
- Endpoint Detection and Response
- User and Entity Behavior Analytics
The DOJ says a former SEC examiner stole information from the government agency to help him land a chief compliance officer gig at a firm he was investigating.
As we’ve learned time and time again, when abused, having privileged access at an establishment, be it a government organization or a successful enterprise, can give anyone a leg up when it comes time to leave that job.
We saw the latest instance of this last week after a former Securities and Exchange Commission employee was indicted for taking proprietary data to land a new gig at a firm he was investigating.
When Michael Cohn, previously a securities compliance officer at the agency left the SEC in 2018, he purportedly left with sensitive data on GPB Capital Holdings, a New York investment firm he’d wind up joining just four days later.
Cohn, who joined the private equity firm as a managing director and chief compliance officer in October last year did so after accessing data on SEC's Enforcement Division servers that he wasn't authorized to access. The servers contained information - much of it confidential, relating to privileged attorney-client work product - on an ongoing investigation into GPB.
— US Attorney EDNY (@EDNYnews) October 23, 2019
According to the United States Attorney's Office of the Eastern District of New York, which unsealed an indictment last week, when Cohn was angling for the job at GPB, he told employees there he had "insider information about the SEC's investigation." Cohn even went on to disclose some of that information to some of the firm's senior management, the indictment alleges.
“The defendant abused the trust placed in him as an SEC employee,” Brooklyn U.S. Attorney Richard Donoghue said Wednesday. “No one gets a pass for breaching the security of government computer networks and misusing sensitive and confidential information for their own benefit.”
Cohn, who has since deleted his LinkedIn account, could face as many as 20 years in prison on an obstruction of justice count, five years on an unauthorized computer access county and another year on an unauthorized computer disclosure count.
The indictment (.PDF) doesn't detail exactly how Cohn accessed the data on SEC servers, like whether he technically had permission to access files and folders or if he bypassed protections enacted by the U.S. government agency.
GPB, upon learning of the news, relieved Cohn of his duties. The firm, which took little time removing Cohn's name from its ‘Our Team’ section of its website, along with a January 2019 press release about Cohn joining the firm, oversees $1.5 billion in assets.
The firm is currently being investigated by the FBI and the Financial Industry Regulatory Authority (FINRA) in addition to the SEC for failing to produce audited financial statements for its funds. In August, Berger Montague, a class action and civil litigation law firm also said it was looking into wrongdoing and potential fraud at the firm in connection with its accounting and the value of its private placements.
Wall Street image via Enrique Dans, Flickr Creative Commons