Former Expedia IT support worker gets prison time for hacking execs’ emails, insider trading

A IT support technician formerly employed at Expedia offices in San Francisco was sentenced to 15 months in prison for securities fraud, plus three years supervised release.

Expedia insider trading

28-year-old San Francisco resident Jonathan Ly admitted that he used his position in tech support at Expedia to access emails of Expedia executives so that he could trade in Expedia stock and illegally profit from non-public information.

According to records filed in the case, between 2013 and 2015, Ly was employed by Bellevue based Expedia as a Senior IT Technician in the San Francisco office of subsidiary

In order to provide IT support, Ly had network privileges that allowed him to remotely access the electronic devices of Expedia executives. Using those privileges he accessed documents and emails containing non-public information on the devices of both the Chief Financial Officer and the Head of Investor Relations. Using the non-public information, he executed a series of well-timed trades in Expedia stock options.

Even after he left the company in 2015, Ly kept an Expedia laptop, and without the knowledge of the company, continued to access the electronic devices and email accounts of Expedia executives. He used his know-how to make it appear as though other Expedia employees were actually the ones accessing the devices.

Shortly after discovering the computer intrusions, Expedia reported the misconduct to the FBI and undertook its own forensic investigation. Because of the quick reporting, the FBI was able to trace the computer intrusion to Ly. As part of his plea agreement Ly will repay Expedia the $81,592 it spent investigating the computer intrusion.

“This was not a one-time lapse in judgement – this defendant used his technology skills to repeatedly invade the email accounts of Expedia executives so that he could enrich himself at the expense of others,” said US Attorney Annette Hayes. “Even after he moved on to a better paying position at a different technology firm he continued his crimes, all while trying to make it look like other employees were at fault. I commend Expedia for quickly contacting law enforcement and working with investigators to stop the computer intrusions and identify those responsible.”

Ly faces a separate Securities and Exchange Commission action requiring him to pay back $375,907 in illegal profits he made in the scheme.


Subscribe to the Help Net Security breaking news e-mail alerts:


Don't miss