A Google security engineer was arrested in New York and charged with crimes related to bets he allegedly placed on Polymarket using confidential information he pulled from Google systems, the Justice Department said Wednesday. 

Michele Spagnuolo, a 36-year-old Italian citizen who lives in Switzerland, is accused of placing multiple trades on the prediction marketplace last year that netted him a profit of more than $1.2 million. He allegedly abused internal access to Google’s nonpublic Year in Search data and placed a series of bets on the most searched people on Google in 2025.

“Today’s charges reinforce a decades-old message: corporate insiders cannot use confidential information to turn a profit in our markets,” Jay Clayton, U.S. attorney for the Southern District of New York, said in a statement Wednesday. “Insider trading compromises the integrity of our markets, and the American people want this greed-driven conduct investigated and prosecuted.”

Spagnuolo was charged with violating the Commodity Exchange Act, wire fraud and money laundering, which carry a combined maximum sentence up to 50 years in prison. 

He was also served with a civil complaint by the Commodity Futures Trading Commission that accused him of insider trading. The government agency is seeking restitution, disgorgement, civil monetary penalties, trading and registration bans and a permanent injunction against further regulation violations. 

Spagnuolo has been employed as a security engineer at Google since 2014, where he built products, specifications and led multiple projects in the information security unit, according to his company bio, which has since been taken down. 

A Google spokesperson said the company is working with law enforcement on its investigation. “The employee accessed our marketing material using a tool available to all employees, but using such confidential information to place bets is a serious breach of our policies,” the spokesperson said in a statement. “We’ve placed the employee on leave and will take the appropriate action.”

Spagnuolo did not respond to a request for comment.

In a complaint unsealed Wednesday, a federal investigator said Spagnulo, who used the “AlphaRaccoon” user name on Polymarket, took deliberate steps to conceal his use of nonpublic information, including efforts to obscure the source and ownership of his proceeds. 

Prosecutors noted that Google’s internal software tool, which provided Spagnuolo access to search trends, bore a banner that stated “Google Confidential” in red text, adding that Spagnuolo confirmed he understood the company’s various confidentiality and ethics policies to access the data. 

Spagnuolo allegedly created his Polymarket account in May 2024 and placed a series of trades between later that year risking approximately $2.75 million on 25 outcomes that the market treated as unlikely.

The FBI said it traced Spagnuolo’s Polymarket account to a cryptocurrency wallet he allegedly used to fund the account and initiate multiple transfers. Spagnuolo is also accused of sending multiple transactions through a cryptocurrency swapping service that were received by an account in his name linked to his Italian government ID card. 

Spagnuolo allegedly changed his Polymarket username to an alphanumeric wallet address in early December, after Google released its Year in Search results and multiple users on Discord and X speculated the person between the account was a Google insider.

The post Google security engineer accused of turning confidential search trends into $1.2M win on Polymarket appeared first on CyberScoop.

The Treasury Department is soliciting public feedback on whether it should change a terrorism risk insurance program to address cyber-related losses.

In a Federal Register notice set for publication Wednesday, Treasury seeks comment from the public for a mandatory report it must deliver to Congress this summer on the effectiveness of the terrorism risk insurance program (TRIP) created by the 2002 Terrorism Risk Insurance Act. That law arose from the Sept. 11 terror attacks and provided a federal backstop to make terrorism risk insurance more available and affordable.

Some experts have suggested that the cyber insurance industry should also get a federal backstop as the industry struggles to develop fully. With the law set to expire at the end of 2027, tying it to the reauthorization of the terrorism risk insurance law could be one way to get Congress to create such a cyber backstop.

Among the topics Treasury hopes commenters will address before it sends the report to Congress in June is the interaction between the terrorism risk insurance law and program, and cybersecurity. The agency will accept comments until May 8.

That includes: “Any potential changes to TRIA or TRIP that would encourage the take up of insurance for cyber-related losses arising from acts of terrorism as defined under TRIA, including, but not limited to the potential modification of the lines of insurance covered by TRIP and revisions to any of the current sharing mechanisms for cyber-related losses, such as, for example, the individual insurer deductible or the federal share percentage.”

In 2021, Treasury issued a rule making it clear that TRIP could cover cyber losses when written in a TRIP-eligible line of insurance. However, a Government Accountability Office report last year outlined some of the limitations there.

“Because TRIA was designed specifically as a federal backstop for losses from acts of terrorism, only losses from cyberattacks certified by Treasury as acts of terrorism would have TRIA coverage,” it states. “As a result, even large cyberattacks that result in catastrophic losses would not be covered under TRIA if they were not certified as acts of terrorism.”

Treasury said in its Federal Register notice that it wants feedback on cyber-related terrorism losses within TRIP and losses outside of it.

Cyberattacks would need to meet definitions under the terrorism risk insurance law to be certified. They need to be violent or otherwise dangerous to life, property or infrastructure, and designed to influence the U.S. population or government. Damage to U.S. organizations outside the United States still might not qualify.

Medical device maker Stryker recently suffered a wiper attack, with the pro-Palestinian, Iranian government-linked group Handala taking credit. It said the attack was in retaliation for U.S. and Israel military strikes against Iran, specifically a U.S. missile strike on a school that killed 175 people, according to Iran’s government.

The post Treasury asks whether terrorism risk insurance program should bolster cyber coverage appeared first on CyberScoop.

The Trump administration is plotting an interagency body to confront malign hackers, pilot programs to secure critical infrastructure across states and other steps tied to its freshly-released cyber strategy, National Cyber Director Sean Cairncross said Monday.

The “interagency cell” will bring together agencies like the Justice Department, the Department of State, the FBI and the Pentagon, which will make it clear that going on cyber offense isn’t just about attacking enemies in cyberspace, Cairncross said.

“Sure, that’s part of it, but that’s not all of it,” he said at an event hosted by USTelecom. It will include diplomatic efforts, arrests and more, he said. “As President Trump has made clear, he expects results, and he’s empowered the team under him to go get them.”

A series of pilot programs will be catered to specific critical infrastructure industries in specific states, such as water in Texas and beef in South Dakota, Cairncross said. Different sectors operate at more or less mature levels, he said.

“One of the things that we are working to do is to align those sectors and prioritize those sectors in a way that makes sense,” he said.

Cairncross said the administration wants to share information with industry better, and will be looking as well at revising regulations in some instances. One of those instances is the Securities and Exchange Commission’s 2023 incident disclosure rule, which drew some of the most vehement industry opposition under the Biden administration’s’ pursuit of cyber regulations. The idea is to make sure they “make sense for industry,” Cairncross said.

But the administration also will have things it seeks from the private sector. That will include bringing together CEOs and sending the message to them that “you need to dedicate some real resources,” he said.

Cairncross has spoken before about wanting to establish an academy to address education and training in a nation with persistent cybersecurity job openings, but there’s more attached to it, he said.

The effort, which Cairncross said the administration would release details on soon, will also include a foundry (which “will be able to scale with private capital new innovation, and deploy it more quickly”) and an accelerator (“so when there’s preceded financing on on projects to really ramp that up and be able to scale as well and overcome some of the procurement hurdles that are often based in in this space”).

Cairncross said at a second event Monday that another forthcoming step was a law enforcement pilot program to better share information with state and local governments.

“We’re looking for ways to streamline information sharing from the USG side,” Cairncross said at a Billington Cybersecurity event, using the acronym for “U.S. government.” “Often, ‘how’ we know things is extremely sensitive, ‘what’ we know is less so,” he said. The goal is “to figure out how to communicate that in a helpful, actionable way.”

Updated, 3/9/26: to include comments about law enforcement pilot program.

The post Sean Cairncross lays out what’s coming next for Trump’s cyber strategy appeared first on CyberScoop.