AI Firm iLearningEngines Falls Victim to $250,000 Cyberattack Amid Financial Scrutiny

Crook breaks into AI biz, 'misdirects' $250K to own account

A Maryland AI company has confirmed to the Securities and Exchange Commission (SEC) that it lost $250,000 to a misdirected wire payment. In what appears to be a business email compromise (BEC) scheme, iLearningEngines said an unidentified cybercriminal broke into its systems and rerouted a $250,000 wire payment before deleting "a number of" emails and scramming. "When it learned of the incident, which has been contained, [iLearningEngines] activated its cybersecurity response plan and launched an internal investigation," the disclosure reads. iLearningEngines provides e-learning automation platforms for educational institutions. "The company engaged a nationally recognized forensic firm and other external advisors to assess and remediate the unauthorized activity. The company's ongoing investigation and response include continued assessment of impacted systems and data." It also said the payment wasn't recovered, nor did it suggest it was in the process of trying to recover it. BEC is big business. According to the FBI, more than 21,000 complaints were made in 2023 regarding this type of fraud, eclipsing the mere 2,825 for ransomware. The latter is likely influenced by organizations not reporting their incidents, however. The adjusted losses from BEC schemes in the US last year totaled more than $2.9 billion, the feds said. The wording used in iLearningEngines' disclosure makes for interesting reading. It said: "A threat actor illegally accessed the company's environment and certain files on its network," which suggests there was a technical intrusion - one that isn't necessarily a requirement for successful BEC fraud. BEC scams usually target staff in the finance or accounting departments of a business with phishing emails, since they're the ones who have the authority to execute wire transfers. Crooks don't necessarily need access to a genuine company email account to convince the victim to make that transfer. In fact, it's more common for attackers to spoof email addresses with subtle differences from the legitimate domain, for example, than it is to use a genuine company email account post-breach. Of course, using a genuine account will vastly improve the chances of success. Organizations with robust email security measures will be able to filter out many spoofed email attempts, flag suspicious messages or senders, and alert the user if the sender's domain is not what it appears to be. As for recovering the funds, it's not impossible but is a challenging task reliant on fast action. The first port of call should be to contact the organization's bank directly and follow their advice. Then follow the advice from the outside security experts that were drafted in, as they were in iLearningEngines' case, and then fall back on cyber insurance, assuming the victim's policy covers BEC fraud. Investors were also warned that the stolen $250,000 may not be the last of the costs incurred by the incident, but it isn't expected to have a material impact on iLearningEngines' year-end results. "Based on the information available to date, the company believes that the cybersecurity incident will have a material impact on its operations during the quarter ended December 31, 2024 but does not expect the incident to have a material impact on full-year 2024 results," the disclosure reads. "The company remains subject to various risks due to the incident, including diversion of management's attention, potential litigation, changes in customer or investor behavior, and regulatory scrutiny." As iLearningEngines alluded in its SEC disclosure, it hasn't ruled out the possibility of legal and regulatory attention to the incident. If that were to come to pass, it would only add to the list of similar issues it's already facing, such as several putative class-action lawsuits being built by lawyers alleging the company misreported revenues. The litigation is focused on allegations made in an August report about the company from "short seller" focused US investment house Hindenburg Research. The company denies the claims and points to "extensive third-party audits and reviews by leading financial institutions." iLearningEngines, which recently appointed a fresh set of execs, also announced a delay in the release of its third-quarter 2024 financial results yesterday. It reiterated that it had formed a "Special Committee of the Board of the Directors" to conduct an independent investigation into assertions made in what it described as a "recent short seller report." The company's stock price tumbled by 53 percent following the allegations and has not yet recovered. Harish Chidambaran, CEO at iLearningEngines, published a lengthy response to the allegations, rebutting each of Hindenburg's major claims. The lawyers organizing the class-action suits gave shareholders a deadline of December 6 to register their interest in joining the litigation against the company. ®

AI training software firm iLearningEngines says it lost $250,000 in recent cyberattack

U.S.-based iLearningEngines, a provider of AI training software for enterprises, has alerted regulators to a cyberattack that allowed hackers to break into its network and steal $250,000 worth of company funds. In an 8-K regulatory filing on Monday with the U.S. Securities and Exchange Commission, iLearningEngines said it had experienced a "cybersecurity incident" that saw an unnamed threat actor recently access the organization's network. The company said once inside the company's network, the hacker "misdirected a $250,000 wire payment," which iLearningEngines has not been able to recover. The company did not say exactly when the incident occurred, nor specified the nature of the cyberattack. But, the company's description of a misdirected wire payment suggests the company fell victim to a business email compromise, or BEC attack, whereby an attacker compromises or manipulates email accounts to steal funds from a company or its employees. BEC scams often target companies that conduct wire transfers, or have suppliers and vendors abroad. According to the filing, the hacker also deleted a number of email messages and accessed "certain files" on iLearningEngines' network. The company hasn't confirmed what files were accessed and has not yet responded to TechCrunch's questions. iLearningEngines says it has incurred and "may continue to incur" certain expenses related to the cybersecurity incident, and expects it to have a material impact on its operations during its fiscal quarter ending December 31, 2024. The company said it lost $314 million on revenues of $135 million during its fiscal second quarter. The company, which describes itself as an "AI-powered learning automation" firm, went public in April 2024, and says it serves over 1,000 enterprise customers.