Cyber Incident Victim: Expedia Group
Date:
Jan 2013
Location:
United States of America
Summary
A former IT employee at Expedia infiltrated senior executives' devices by stealing passwords, accessing confidential emails and documents to conduct insider trading in stock options, netting $331,000 in illicit profits. The individual continued unauthorized access even after leaving the company by retaining corporate equipment and impersonating other employees. The breach was detected through enhanced monitoring systems, prompting the victim organization to collaborate with law enforcement. The perpetrator pleaded guilty to securities fraud, agreeing to repay all illegal gains and investigation costs while facing potential imprisonment. Authorities highlighted the egregious abuse of trust and privacy violations against both the company and colleagues.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
Between 2013 and 2016, Jonathan Ly, a senior IT technician in Expedia's Hotwire.com division, conducted an insider trading scheme by exploiting unauthorized access to confidential corporate information. Ly stole passwords and infiltrated electronic devices belonging to Expedia's chief financial officer and head of investor relations, leveraging his technical position to remotely access executives' documents and emails. Prosecutors confirmed he specifically targeted sensitive materials prepared by the head of investor relations, which contained analyses of how financial markets would react to upcoming company announcements. This pre-release information enabled Ly to execute "highly profitable" trades in Expedia stock options, generating $331,000 in illegal profits. The scheme continued even after Ly left Expedia in 2015, as he retained a company laptop without authorization and maintained access to executive accounts, deliberately masking his activities to appear as legitimate employee access. His actions constituted securities fraud through the systematic exploitation of nonpublic material information over nearly three years.
Expedia detected the intrusion through enhanced monitoring systems and promptly contacted the FBI, initiating an investigation that uncovered the full scope of Ly's activities. The company incurred $81,592 in investigation costs, which Ly agreed to repay as part of his plea agreement. On December 5, 2016, Ly pleaded guilty to securities fraud in U.S. District Court in Seattle, facing a maximum penalty of 25 years imprisonment and a $250,000 fine, with sentencing scheduled for February 28, 2017. The SEC settlement required Ly to pay $375,907 in disgorgement and interest, pending court approval. Authorities emphasized the severity of Ly's breach of trust, with the FBI noting he violated both public confidence in fair markets and the privacy of colleagues. Expedia confirmed its cooperation with law enforcement throughout the investigation, stating the company's monitoring practices were instrumental in identifying the intrusion. U.S. Attorney Annette Hayes characterized the scheme as a "get-rich-quick" exploitation of corporate networks, while Ly's legal counsel publicly acknowledged his remorse and acceptance of responsibility.