Biglaw Attorney Allegedly Turned His Résumé Into a Decade-Long Insider Trading Operation

Photo by Bridget Adolfo on Unsplash

Key Takeaways

• On May 6, 2026, the DOJ indicted 30 lawyers and financial professionals — including a Yale Law graduate who worked at four elite Biglaw firms — for an alleged 10-year insider trading scheme.
• The alleged ringleader, Nicolo Nourafchan, reportedly exploited his access to internal law firm document systems to steal confidential M&A data ahead of nearly 30 deals, generating tens of millions in illegal profits.
• The case exposes critical vulnerabilities in how law firms protect sensitive deal information, accelerating calls for stronger legal technology and AI-powered monitoring tools.
• The SEC separately charged 21 individuals in the same scheme (SEC press release 2026-44), making this one of the largest coordinated insider trading crackdowns in recent U.S. history.

What Happened

On May 6, 2026, federal prosecutors in Boston announced one of the most sweeping insider trading crackdowns in U.S. history. The Department of Justice indicted 30 corporate attorneys and financial professionals — and arrested 19 of them — for allegedly running a coordinated scheme to steal confidential merger and acquisition (M&A) data from some of America's most prestigious law firms over a full decade. Two defendants reportedly remain at large as fugitives in Russia and Israel.

At the center of the alleged operation is Nicolo Nourafchan, 43, a Yale Law School graduate with a résumé that reads like a who's who of elite Biglaw: he worked at Sidley Austin, Latham & Watkins, Cleary Gottlieb, and Goodwin Procter between approximately 2013 and 2023. According to prosecutors, Nourafchan didn't just leverage his legal career — he allegedly weaponized it, using his access to internal law firm networks to steal nonpublic deal information and trade on it before those deals were announced to the public.

His alleged co-conspirator, New York personal injury attorney Robert Yadgarov, helped recruit other lawyers and insiders as paid informants, handing over hundreds of thousands of dollars in cash per source. The alleged operation ran from approximately March 2014 through August 2024. To evade detection, the group reportedly relied on burner phones, coded language, and in-person meetings rather than traceable digital communications.

One of the most striking examples cited in the indictment: Nourafchan allegedly accessed confidential materials related to Amazon's proposed $1.7 billion acquisition of iRobot in 2022 — while officially “on leave” from Goodwin Procter, the firm serving as iRobot's legal advisor on the deal. The SEC separately charged 21 individuals in connection with the same wide-reaching scheme under SEC press release 2026-44.

Photo by Annie Spratt on Unsplash

Why It Matters for You

This case shakes the foundation of something most people take for granted: the idea that when you hire a lawyer — especially for something as significant as a business deal or a corporate merger — that information stays private.

Think of it this way. When you visit a doctor, you trust that your conversation stays within those four walls. The same expectation applies to attorneys. In the world of high-stakes corporate deals, that confidentiality isn't just a professional courtesy — it's the backbone of how mergers and acquisitions function. Companies hire elite law firms precisely because they need a trusted, neutral party to manage the paperwork, negotiations, and legal strategy involved in billion-dollar transactions. The moment that trust is broken, the entire system begins to fracture.

And the alleged breach here was massive. Federal prosecutors in Boston described it as “a vast, decade-long scheme” that exploited attorney access to confidential deal materials at some of “the nation's premier law firms.” Prosecutors say nearly 30 M&A deals were compromised over 10 years, generating tens of millions of dollars in illicit profits (illegal trading gains made from stolen, nonpublic information). That's not a single bad actor slipping through the cracks — that's systematic exploitation of attorney-client privilege across multiple firms and multiple transactions.

For everyday investors, the ripple effects are very real. When insiders trade ahead of major corporate deals using material non-public information (MNPI — secret data that would move a stock price if it became public), they tilt the entire playing field. It essentially rigs the game against ordinary investors who are making decisions without access to that same information. If you held shares in any of the companies involved in those nearly 30 M&A deals between 2014 and 2024, you may have unknowingly been on the losing end of this scheme.

The case also raises urgent questions about legal technology and how law firms protect their most sensitive data. Six unnamed “victim” law firms are referenced in the indictment. Latham & Watkins stated that the former associate “has not been associated with our firm for five years” and that “the conduct as alleged would reflect a serious violation of our robust policies and procedures.” Goodwin Procter said it was “deeply disappointed” a former employee allegedly “misused confidential information as part of a broader criminal scheme affecting multiple law firms and their clients.”

But statements aside, the case exposes something uncomfortable: even firms that invest heavily in legal software and maintain entire compliance teams can be vulnerable when a trusted insider decides to exploit their access. Document management systems — like the one Nourafchan allegedly used at Goodwin Procter to pull Amazon-iRobot deal materials while officially on leave — are only as secure as the permissions and real-time monitoring around them. Legal technology experts have been making exactly this argument for years: the question isn't just whether a firm has legal software, it's whether that software is configured to catch anomalous behavior before it compounds into a decade-long fraud.

Photo by Joan Gamell on Unsplash

The AI Angle

The Nourafchan case is already being cited in legal tech circles as a wake-up call for law firm automation and AI-powered security monitoring. Traditional access logs tell you who opened a file — but they rarely flag when that access is suspicious in context. That's precisely where AI legal tools are beginning to make a decisive difference.

Modern AI legal tools can analyze patterns across thousands of document access events simultaneously, flagging anomalies like an attorney on leave pulling deal materials, or someone accessing files well outside their assigned practice area. Platforms like Relativity and Intapp already offer behavioral analytics solutions purpose-built for law firms, and this indictment will almost certainly accelerate their adoption across the industry.

There's also a contract review dimension worth examining here. AI-powered contract review platforms are increasingly deployed not just to speed up due diligence, but to generate detailed, tamper-evident audit trails that record who reviewed what documents and exactly when — creating a layer of accountability that siloed legacy legal software simply cannot replicate. Law firm automation, implemented correctly, doesn't just save billable hours; it creates the kind of persistent digital footprint that makes covert, long-term information theft exponentially harder to sustain without detection.

What Should You Do? 3 Action Steps

1. Understand Your Rights as an Investor

If you held stock in any company involved in a suspicious acquisition between 2014 and 2024, it may be worth consulting a securities attorney to understand your options. Insider trading (illegally trading stocks using nonpublic information to gain an unfair market advantage) artificially distorts stock prices — and in some cases, harmed investors may have legal recourse through civil litigation or class action participation. The SEC's Office of Investor Education and Advocacy offers free guidance at investor.gov as a starting point.

2. Ask Your Law Firm About Their Data Security Policies

If you're a business owner or executive who works with outside legal counsel on sensitive transactions, it is entirely reasonable — and increasingly expected — to ask your firm directly how they protect confidential deal information. Questions like “Who can access our deal documents?” and “Do you use legal software with access logging and behavioral anomaly detection?” are fair and professional. Any firm using modern legal technology should be able to answer these specifically and confidently.

3. Report Suspected Market Manipulation to the SEC

You don't need a law degree to recognize basic red flags. Unusual stock price spikes just before a major deal announcement, or sudden surges in options trading (contracts that bet on a stock moving in a specific direction before an expiration date) around M&A news cycles, are patterns regulators monitor closely. If you ever suspect market manipulation, report it to the SEC at sec.gov/tcr. The SEC's whistleblower program also offers substantial financial awards for tips that lead to successful enforcement actions — a powerful incentive built directly into federal law.

Frequently Asked Questions

How did a Biglaw attorney allegedly steal confidential M&A information from top law firms for 10 years without getting caught?

According to federal prosecutors, Nicolo Nourafchan and his alleged co-conspirators went to deliberate lengths to evade detection — using burner phones, coded language, and in-person cash payments rather than traceable digital transfers. They also exploited a critical gap: many law firm document management systems log access but lack real-time behavioral analysis capable of contextualizing whether a given access event is suspicious. For a full decade — from March 2014 to August 2024 — the alleged scheme continued in part because no single firm had visibility into the broader pattern spanning multiple institutions. This case is now driving urgent conversations about better legal technology standards and cross-firm anomaly monitoring across the industry.

What is M&A insider trading and why is it a federal crime to trade on confidential information from a law firm?

M&A insider trading means buying or selling stocks based on secret, nonpublic information about a pending merger or acquisition (a corporate deal where one company purchases another) before that information is released to the general public. It is a federal crime under U.S. securities law because it grants certain individuals an unfair informational advantage over ordinary investors who are making decisions without access to the same data. Attorneys working on M&A transactions are bound by strict confidentiality duties — using that privileged information to trade, or sharing it with others who trade on it, constitutes securities fraud regardless of how carefully the trades are timed or structured.

Can law firms be held legally liable when a former attorney leaks confidential deal information to an insider trading ring?

This is a nuanced legal question that depends heavily on the specific facts and circumstances, and this article does not constitute legal advice. Generally, law firms can face civil liability if they are found to have failed to implement adequate safeguards to protect client information. However, if a firm had reasonable security policies in place and an individual deliberately circumvented them, the firm's direct liability may be more limited. Both Latham & Watkins and Goodwin Procter emphasized in their public statements that the alleged conduct violated existing firm policies. Clients or companies that believe they were harmed may wish to consult their own legal counsel to evaluate potential civil remedies or claims against responsible parties.

How are AI legal tools and law firm automation being used in 2026 to prevent insider threats at top law firms?

Law firm automation and AI legal tools are increasingly being deployed to detect precisely the kind of behavior alleged in this case. Platforms like Intapp and Relativity offer behavioral analytics that can flag unusual document access patterns — such as an attorney pulling files outside their assigned matters, accessing deal materials during a leave of absence, or downloading large volumes of documents outside normal business hours. AI-powered contract review systems also generate detailed, time-stamped audit logs that create a persistent record of document interactions. Legal technology experts note that firms adopting these tools are significantly better positioned to identify insider threats early, before minor access violations compound into years of undetected fraud.

What should I do if I think I lost money as an investor because of insider trading before a corporate acquisition was publicly announced?

If you believe insider trading — specifically, someone illegally using material non-public information (MNPI) to trade ahead of a deal announcement — may have harmed you as an investor, there are several actionable steps to consider. First, file a tip with the SEC at sec.gov/tcr; the SEC's formal whistleblower program offers meaningful financial awards for credible information that leads to a successful enforcement action. Second, consult with a securities litigation attorney who can assess whether you have a viable private civil claim based on your specific trading history and the deals involved. Class action lawsuits tied to insider trading schemes have historically resulted in significant settlements that returned funds to harmed investors.

Disclaimer: This article is for informational purposes only and does not constitute legal advice. Always consult a qualified attorney for guidance specific to your situation.