Last winter, Equifax experienced one of the most devastating data breaches in history. In an incredible stroke of luck, several executives had dumped their stock in the company prior to the news going public. They were cleared of wrongdoing, but earlier this week, the SEC filed insider trading charges against a different executive for his own fortuitous cash-out.
Jun Ying, former chief information officer of Equifax's US consumer reporting division, is accused of using confidential information to avoid $US117,000 ($148,710) worth of losses on his Equifax stock. According to the SEC complaint, Ying was informed about the data breach at the credit reporting agency, which reportedly compromised the personal data of more than 145 million Americans. He proceeded to research the impact a similar breach had on the stock of Experian Plc and realised his Equifax holdings were likely to take a hit. The sale of Ying's vested stock options totalled close to $US1 million ($1.3 million).
As Richard Best, director of the SEC's Atlanta regional office, explained in a statement:
As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public. Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.
When news of Equifax's data breach first appeared, reports emerged that the company had been warned about the vulnerability in its system six months before attackers took advantage of it. The flaw in its data infrastructure gave hackers the ability to access the personal data of Equifax's customers, but executives allegedly failed to ensure it was patched. Suspiciously, four top executives had also sold a total of $US1.8 million ($2.3 million) worth of stock in the weeks leading up to Equifax's official discovery and public disclosure of the vulnerability. All four executives were cleared of wrongdoing for various reasons after an internal investigation by Equifax.
Mr Ying was not one of those four extremely lucky men. His activities were discovered by Equifax and quickly turned over to the SEC. According to the complaint, Ying was CC'd on an email in August about an emergency project involving a "VERY large breach Opportunity". Ying proceed to text one of his subordinates, the SEC alleges, in which he wrote: "On the phone with [global CIO]. Sounds bad. We may be the one breached. . . . Starting to put 2 and 2 together." After adding up the equation, Ying allegedly concluded this was a prime time to exercise his stock options. He pocketed "more than $950,000 [$AU1.2 million]."
When contacted for comment by Gizmodo, Equifax sent us a statement from Interim CEO Paulino Do Rego Barros, Junior. "Upon learning about Mr Ying's August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company's trading policies, separated him from the company and reported our findings to government authorities," he wrote. "We are fully cooperating with the DOJ and the SEC, and will continue to do so."
There is certainly plenty of cooperating still to be done - by Bloomberg's count, Equifax still "faces more than 240 class-action lawsuits and more than 60 regulatory or government inquiries".