SEC Files Charges in Hacking Case Commission Says 4 Firms Unwittingly Helped Latvian Trader Gain Access to Brokerage Accounts By JEAN EAGLESHAM And ANDREW ACKERMAN U.S. securities regulators stepped up their battle against hackers Thursday, filing civil charges against four firms that allegedly became unwitting enablers of a complex fraud by a Latvian trader. In one of the first cases of its kind, the Securities and Exchange Commission took enforcement action against four U.S.-based electronic trading firms used by the trader as well as charging the alleged hacker himself. The SEC said Igors Nagaicevs, 34 years old, combined hacking with stock manipulation to execute a "brazen and systematic securities fraud" that netted him more than $850,000 in illegal profits. Mr. Nagaicevs couldn't be reached for comment Thursday. The SEC filed its action while he was still outside the U.S. and he has yet to be served with the charges, officials said. The SEC alleged that Mr. Nagaicevs hacked into the online brokerage accounts of customers at large U.S. broker-dealers more than 150 times between June 2009 and August 2010. Officials declined to disclose those broker-dealers targeted but said they had compensated their customers for the total of more $2 million lost due to the alleged hacking. Mr. Nagaicevs drove the prices of more than 100 stocks up or down by making unauthorized purchases or sales in the "hijacked" accounts, the SEC said. He profited from these artificial price movements by trading the stocks, using the "unfettered" anonymous access to the U.S. markets offered by four online electronic firms, the SEC said. Officials said the firms should have been registered as brokers but weren't, exposing "U.S. markets to real harm by evading crucial safeguards of the federal securities laws." The trading took place before the SEC last year implemented new rules governing the way broker-dealers allow their customers to trade on U.S. exchanges, which include heightened controls and monitoring of customers' activity. "This case should send a strong message to firms allowing individuals access to U.S. trading markets that they are expected to comply with rules that require such traders to be properly vetted," Sanjay Wadhwa, deputy chief of the SEC's market abuse enforcement unit, said in an interview. One of the four trading firms, Mercury Capital of La Jolla, Calif., and its president, Lisa Hyatt, agreed to settle charges. Richard Rizzo, an associate at Zanshin Enterprises LLC, of Boise, Idaho, another of the trading firms, also agreed to settle SEC charges, though his firm is contesting them. Ms. Hyatt and Mr. Rizzo each agreed to pay a $35,000 penalty, the SEC said. Mercury Capital, which will pay no penalty as part of its settlement, is no longer in business. A lawyer for Mr. Rizzo said the modest penalty agreed to by the SEC showed his client "never intentionally allowed the activities alleged against Mr. Nagaicevs." The two other trading firmsâAlchemy Ventures of San Mateo, Calif., and KM Capital Management of Philadelphiaâare also contesting the SEC's charges. A lawyer for KM Capital Management and its two co-owners declined to comment. Lawyers for the other firms and executives didn't return calls seeking comment. The SEC's lawsuit came the same day the Financial Industry Regulatory Authority, a self-regulatory organization that oversees broker-dealers, warned investors of e-mail hack attacks. "Finra has received an increasing number of reports involving investor funds being stolen by fraudsters who first gain access to the investor's email account and then email instructions to the firm to transfer money out of the brokerage account," the alert said. Finra warned investors to check their brokerage accounts for unauthorized transactions and to change their account login information such as their passwords. âJacob Bunge contributed to this article.