Cyber Incident Victim: iLearningEngines
Date:
Nov 2024
Location:
United States of America
Summary
iLearningEngines experienced a cybersecurity incident involving unauthorized network access, resulting in a $250,000 unrecovered fraudulent wire transfer, deletion of emails, and theft of certain files. The company activated its response plan, engaged forensic experts, and contained the incident, though it anticipates material operational impacts for the current quarter. Concurrently, the organization faces an SEC probe into potential financial control weaknesses and has withdrawn reliance on all financial statements dating back to 2019 due to ongoing internal investigations. Leadership changes included placing the CFO on administrative leave and appointing interim executives. Risks from the breach include litigation, regulatory actions, and reputational harm affecting customer and investor relations.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
iLearningEngines, an AI training vendor, disclosed a cybersecurity incident on November 1, 2024, through a securities filing, revealing unauthorized access to its network environment by a threat actor. The breach resulted in a fraudulent $250,000 wire transfer, which remained unrecovered, along with the theft of certain files and deletion of email messages. The company activated its cybersecurity response plan upon discovery, though the exact date of initial detection was not publicly disclosed. An internal investigation was launched alongside engagement with a nationally recognized forensic firm and external advisors to assess and remediate the incident. iLearningEngines confirmed the incident was contained but acknowledged ongoing risks, including potential litigation, regulatory scrutiny, and operational disruptions during the quarter ending December 31, 2024. The company stated the attack would materially impact near-term operations but not its full-year 2024 results. This disclosure followed an October 17, 2024, SEC subpoena probing potential weaknesses in the company’s financial reporting controls, which had already prompted an internal investigation into allegations raised in an August 2024 Hindenburg Research report.
The incident triggered significant organizational and financial repercussions, including the retraction of all previously issued financial statements dating back to 2019 due to potential material inaccuracies identified during the internal probe. On November 12, 2024, Chief Financial Officer S. Farhan Naqvi was placed on administrative leave and reassigned to a corporate development role, with Bonnie-Jeanne Gerety appointed as Interim CFO. Three days later, Thomas Olivier was named Interim Chief Operating Officer. The company’s Audit Committee determined financial statements from 2021 through mid-2024 were unreliable, and its accounting firm, Marcum LLP, withdrew its audit opinions on prior filings. iLearningEngines warned investors of unresolved risks, including diverted management attention, customer or investor attrition, and regulatory penalties stemming from both the cyberattack and the SEC investigation. Remediation efforts continued with forensic support, but the company emphasized uncertainties regarding final financial restatements and control deficiencies. Over 1,000 enterprise customers across healthcare, education, insurance, retail, energy, and manufacturing sectors remained potentially affected by the breach’s operational and reputational fallout.