Trustmi Talks

Behind the Breach: BEC Attack, Financial Loss and the Broader Ripple Effect

The Gist:

iLearningEngines was the victim of a business email compromise (BEC) attack. The AI training company filed an 8-K report with the Securities and Exchange Commission (SEC) last week, revealing that an attacker misdirected a $250,000 wire payment, deleted emails, and stole data. iLearningEngines reported that the incident will have a material impact on its operations during the fiscal quarter ending Dec. 31, 2024. The company went public in April 2024.

iLearningEngines certainly isn’t the only public company that has experienced the ripple effect of a cyberattack.

  • Facebook and Google were the victims of a $121 million phishing attack that spanned two years.
  • Toyota experienced a $37 million loss to a BEC attack in 2019.
  • Ubiquiti, a networking company, lost $46.7 million when attackers accessed employee emails and impersonated vendors. 

For public companies especially, the consequences of a cyberattack such as a socially engineered BEC ripple outward to employees, investors, customers, partners, and other stakeholders. For example, a breach undermines an organization’s ability to maintain the trust of its stakeholders and to stay compliant with evolving regulatory requirements. It hampers a company’s ability to generate a profit and/or meet its earnings guidance. And the impact produces trickle-down costs that exacerbate the initial financial loss.

In the case of iLearningEngines, the $250,000 may end up being just the tip of the iceberg. The company is currently being investigated for potential violations of federal securities laws. This will likely have a negative impact on the company’s stock price, which already plunged by 42% earlier this month after the company disclosed the incident, and there are sure to be reputational repercussions as well.

Taking these factors into account, it should come as no surprise that BEC attacks are among the most expensive breaches, with average remediation costs reaching nearly $5 million per incident, according to IBM’s Cost of a Data Breach 2024 report. Public companies must disclose the incident to the SEC by filing an 8-K within four business days, which often sparks public awareness and erodes trust and profits over time. Organizations must also hire forensic experts to analyze and remediate the breach, address their vulnerabilities, and consider litigation risks, at a minimum. They also face increased audit fees, legal expenses, and reputational damage that can impact sales revenue, partnerships, and procurement costs.

The Latest:

In September, the FBI warned businesses about the increase in BEC scams. These attacks resulted in $55.5 billion in losses from October 2013 to December 2023. The FBI’s Internet Crime Complaint Center (IC3) states that the losses are likely much higher as not all BEC attacks are reported. 

Trustmi’s Take: 

The cyberattack on iLearningEngines shows the importance of robust cybersecurity measures, especially for companies handling sensitive data and financial transactions in the AI sector.

Attacks like these strategically target an organization’s payment cycle by exploiting trust relationships between businesses and their vendors. Attackers meticulously conduct reconnaissance, often gaining access to vendor email accounts through advanced phishing or social engineering techniques. Once inside, cybercriminals can craft remarkably convincing fraudulent emails that request payment changes or submit fake invoices. 

The attacks are particularly dangerous because they leverage the inherent trust within organizational processes, making them challenging to detect through traditional security measures. The complexity of these attacks is further amplified by emerging AI-driven techniques that can generate highly accurate and persuasive phishing communications, including audio and video deepfakes.

If you want to learn more about why business payment security must be a priority and how to eliminate business payment fraud, check out our Buyer’s Guide to Business Payment Security.