According to the SEC, the hacking scheme started in 2016 when 27-year-old Ukrainian hacker Oleksandr Ieremenko allegedly broke into the agency's EDGAR (Electronic Data Gathering, Analysis, and Retrieval) system, which houses corporate filings including upcoming earnings reports from publicly traded companies. Ieremenko and a number of domestic and overseas traders are accused of accessing 157 earnings announcements before the information was made public and using those filings to make trades. The hacker had access to EDGAR from May 2016 and October 2016 and reportedly obtained thousands of documents during that time.

The SEC first publicly acknowledged the breach in 2017. While the agency patched the security hole that allowed the hacker to gain access to the database, internal evaluations of the SEC's security showed the agency was aware of potential security weaknesses for years before the hack occurred.