The U.S. Securities and Exchange Commission, which recently levied millions of dollars in fines against major corporations for allegedly allowing data theft by cyber attackers, has found itself similarly victimized by an international insider trading ring.

On Tuesday, the SEC announced that it had brought civil charges against defendants, including individuals in Ukraine, California, Russia and Korea as well as two business entities in Hong Kong and Belize, for allegedly hacking into the SEC’s own EDGAR corporate filing database from May through at least October 2016, and trading securities on the stolen data.