AI company tells SEC that $250,000 stolen in cyberattack

An artificial intelligence company said a hacker breached its network and stole a $250,000 wire payment in an incident likely to have a material impact on the firm’s bottom line.

iLearningEngines filed an 8-K form with the U.S. Securities and Exchange Commission on Monday notifying the agency of a recent cybersecurity incident. 

“The ongoing investigation has revealed that a threat actor illegally accessed the Company’s environment and certain files on its network, misdirected a $250,000 wire payment, and deleted a number of email messages,” the company explained.  

“The wire payment has not been recovered. When it learned of the incident, which has been contained, the Company activated its cybersecurity response plan and launched an internal investigation.”

iLearningEngines did not say when the incident occurred or was discovered but noted that outside cybersecurity firms have been hired to help with the response and investigation. 

The company added that the expenses associated with the recovery from the incident will have a short-term impact, but they don’t expect it to have a material effect on its yearly results.

“The Company remains subject to various risks due to the incident, including diversion of management’s attention, potential litigation, changes in customer or investor behavior, and regulatory scrutiny,” iLearningEngines said. 

The company, which reported revenues of $135.5 million last quarter, provides automation tools to more than 1,000 companies across several sectors including healthcare, education and retail. 

In recent months, company executives have had to defend their work against accusations that revenue figures have been artificially inflated. A law firm announced a class action lawsuit on Friday alleging the company misled investors. 

The kind of business email compromise experienced by iLearningEngines continues to be a thorny issue for companies around the globe. 

Most schemes target businesses that deal with wire transfers or automated clearing house payments, with the end goal being to get victims to mistakenly send funds to hacker-controlled accounts. 

The FBI said in 2023 that business email compromise accounted for $2.9 billion in losses. The FBI warned last year scammers “are increasingly using custodial accounts held at financial institutions for cryptocurrency exchanges or third-party payment processors, or having targeted individuals send funds directly to these platforms where funds are quickly dispersed.”

In August, about $60 million was stolen from one of the leading suppliers of carbon products after an employee was tricked into making several wire transfers to cybercriminals. A school district in Tennessee was also tricked into handing over millions.