U.S. Federal prosecutors charged Michele Spagnuolo, a 36-year-old Google staff information security engineer, on May 27, 2026, with using confidential company data to win over $1.2 million on the prediction market platform Polymarket.
Spagnuolo, an Italian citizen living in Switzerland, had been a Google employee since 2014. He now faces charges of commodities fraud, wire fraud, and money laundering.
This case is notable less for the amount involved and more for what it reveals about how Google managed access to sensitive internal data and whether its policies were adequate to prevent this from happening in the first place.
What Spagnuolo Did
Between October and December 2025, Spagnuolo placed a series of bets using confidential data related to Google’s annual Year in Search report.
Operating under the username “AlphaRaccoon,” Spagnuolo placed multiple “yes” and “no” bets related to who would be the most searched person on Google. One of his most significant bets was on the singer D4vd, who was recently charged with murdering14-year-old Celeste Rivas Hernandez.
At the time he placed that bet, Polymarket had assigned a near-zero probability to D4vd being the top-searched person on Google for the year. But Spagnuolo knew differently. According to the complaint, he accessed Google’s internal tool, which showed D4vd trending, just a few hours before the AlphaRaccoon account placed that bet.
After Google publicly released its Year in Search 2025 results on December 4, Spagnuolo’s AlphaRaccoon account had already locked in approximately $1.2 million in profits.
The Access Problem Google Cannot Sidestep
The detail that makes this case more than a simple rogue-employee story is Google’s own admission about how the data was accessed. A Google spokesperson confirmed that Spagnuolo accessed marketing material through an internal tool available to all employees, describing his use of that information to place bets as “a serious breach” of company policies.
Spagnuolo had been employed as a security engineer at Google since 2014, where he built products, specifications, and led multiple projects in the information security unit. The question regulators and observers are now asking is why a company that handles some of the world’s most commercially sensitive data not have tighter controls on who could view pre-release Year in Search results, and when?
