Employees of the South Korean law firm Lee & Ko have been sentenced to prison for insider trading, revealing a scheme where they illegally accessed attorney emails to profit from non-public information. The case, decided by the Seoul Southern District Court on , underscores the growing risk of data breaches and misuse of confidential information within the legal profession and its potential impact on capital markets.
Ga, a 40-year-old former IT staffer, received a prison sentence of three years and six months, along with a fine of 6 billion Korean won (approximately $4.6 million USD). Na, 41, was sentenced to three years in prison and fined 1.6 billion Korean won ($1.2 million USD). Both were also ordered to forfeit illicit gains totaling 1.82 billion and 520 million Korean won, respectively. Three additional individuals – Go, 32, and two others – received lighter sentences, including suspended jail terms and fines, for their involvement in the scheme.
The court cited the severity of the offenses, noting the defendants had “illegally secured and utilized non-public information” over a period exceeding two years. The judgment highlighted the defendants’ attempts to conceal their activities, including using family member accounts and taking out substantial loans to fund their trading activities. “The defendants undermined the fairness and trustworthiness of the capital markets, and their actions deserve strong condemnation,” the court stated.
According to the prosecution, Ga and Na, while employed in the IT department of Lee & Ko, gained unauthorized access to the email accounts of over ten attorneys in the firm’s corporate advisory team between and . They exploited this access to obtain confidential information regarding mergers and acquisitions, share offerings, and other corporate transactions before the information became public. This allowed them to execute profitable trades, generating illicit gains of approximately 1.8 billion and 500 million Korean won, respectively.
The scheme extended beyond the law firm itself. Go, an employee of MBK Special Situations, an investment advisory firm affiliated with private equity firm MBK Partners, was also implicated. Go and two other individuals were found to have leveraged non-public information obtained through meetings and internal documents to trade stocks or share the information with others. The investigation revealed that this group collectively profited by 799 million Korean won ($615,000 USD) through their illegal activities.
This case is not isolated. Recent incidents demonstrate a pattern of insider trading linked to data breaches within professional services firms. In , the U.S. Securities and Exchange Commission (SEC) settled a case involving insider trading connected to a data theft from the law firm Covington & Burling. That case involved information related to a planned acquisition of Merck & Co. Similarly, in , a data breach at Slater and Gordon, a law firm based in Australia, exposed the payroll information of its entire workforce after a spreadsheet was inadvertently sent in an all-staff email. While the Slater and Gordon incident did not involve external trading, it highlighted the vulnerability of sensitive data within large organizations.
The legal ramifications extend beyond securities law. The case against the Lee & Ko employees also included charges related to violations of computer crime statutes, specifically California’s Penal Code § 502, as demonstrated in a similar case brought by the Law Office of Jason Ingber involving a merchant funding industry insider. This underscores the increasing legal scrutiny surrounding unauthorized computer access and data theft.
The Lee & Ko case serves as a stark reminder of the potential for financial crime stemming from internal data breaches. Law firms, as custodians of highly sensitive corporate information, are increasingly becoming targets for malicious actors and vulnerable to internal misconduct. The incident is likely to prompt a review of cybersecurity protocols and data access controls within Lee & Ko and potentially across the broader legal industry. The SEC’s ongoing enforcement actions, as detailed on its website, signal a continued focus on prosecuting insider trading and protecting the integrity of the capital markets. The financial and reputational costs associated with such breaches are substantial, and firms must prioritize robust data security measures to mitigate these risks.
