Cloud

6/29/2018
11:15 AM
50%
50%

Equifax Software Manager Charged with Insider Trading

Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.

Fallout from the epic Equifax data breach just keeps coming: A second employee of the credit-monitoring firm has been charged with insider trading in connection with the attack.

Former Equifax software development manager Sudhakar Reddy Bonthu, 44, was arraigned in US District Court in Atlanta this week. Bonthu allegedly using his inside knowledge of the 2017 data breach before it was made public and purchased so-called "put" stock options that allowed him to earn more than $75,000 in profit when the announcement was made and Equifax's stock dropped.

Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach.

Read more here

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:05:20 PM
Re: CIO
@blackjack: To say nothing of the fact that there is no such thing as 100% secure -- unless you have 0% accessibility.

Moreover, to open CIOs and their ilk up to criminal charges for this kind of thing would mean that they would command mega-salaries in excess of their CEOs -- so as to compensate for the risk.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
7/2/2018 | 10:31:58 AM
Re: Best Practice?
I cannot help but think that many Equifax employees will have great new careers at Wells Fargo. LOL
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Strategist
6/30/2018 | 2:26:14 PM
Re: Best Practice?
I think that the problem is that there is no defined best practice with regard to securing the data.  The comment that I heard from someone at the FBI was that if they published a best practice or good practice document, people might hold them to it and use the document to avoid legal penalty.  I was somewhat incredulout about this answer since it meant that lack of a "good practices" document made it almost impossible to bring a legal charge against the firm.

Insider trading is a different matter in the law more clearly specifies what constitutes a breach of the law.  It is therefore much easier to bring criminal charges and obtain a guilty verdict.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:16:24 AM
Re: CIO
Come on, reality check. If we charged every CIO who oversaw a network that wasn't 100% secure, and/or patched.... you'd be charging EVERY CIO. Drop down to 90% secure/patched and you'd only have to charge 90% of CIO's, etc. Veracode publicly said they saw 90% of their customers STILL had systems with the same Apache Struts app unpatched six months after Equifax. Not making excuses for them, but being outraged doesnt change reality.... every company has similar issues, and everyone's data was already stolen.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:08:11 AM
Re: Best Practice?
First, he didn't sell stock he already owned to avoid the decrease in value. He purposefully purchased PUT options. Meaning he placed a bet the stock would drop, and when it did he cashed in. Second, google insider trading wiki. Best practice doesn't mean anything here, there are specific laws that say what you are NOT ALLOWED to do. And yes, you could be stuck knowing your stock is about to become worthless, and you can't legally sell it before the news breaks, or warn others to do so.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:49:49 PM
CIO
Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach Charges on insider trading? How about not securing the network as it should be, so no charge on that!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:48:04 PM
Re: Best Practice?
This is a cynical representation of it of course but seriously I can't fathom being in that position and would like someone who is better versed legally to shed some light on the matter. I would say this would depend on circumstances of the case, each case would be different, mainly around intention.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:46:42 PM
Re: Best Practice?
Can someone explain to me what is best practice in these scenarios? I think this is a good question. I am not sure if thee is a best practice in this case.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:45:09 PM
Re: Not Surprising
I would be surprised however if it was to be the last person charged in light of the Equifax breach. I would agree. But these are mistakes after the mistakes, not root course of the problem they are in.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:44:16 PM
Fallout
Fallout from the epic Equifax data breach just keeps coming For me it it is better to focus on why these type of massive attacks happenin the first place and the focus on what people did wrong once it happened. We have no clue what went wrong.
Page 1 / 2   >   >>
WebAuthn, FIDO2 Infuse Browsers, Platforms with Strong Authentication
John Fontana, Standards & Identity Analyst, Yubico,  9/19/2018
New Cold Boot Attack Gives Hackers the Keys to PCs, Macs
Kelly Sheridan, Staff Editor, Dark Reading,  9/13/2018
Turn the NIST Cybersecurity Framework into Reality: 4 Steps
Mukul Kumar & Anupam Sahai, CISO & VP of Cyber Practice and VP Product Management, Cavirin Systems,  9/20/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Flash Poll
The Risk Management Struggle
The Risk Management Struggle
The majority of organizations are struggling to implement a risk-based approach to security even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2018-1674
PUBLISHED: 2018-09-20
IBM Business Process Manager 8.5 through 8.6 and 18.0.0.0 through 18.0.0.1 are vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 145109.
CVE-2018-1800
PUBLISHED: 2018-09-20
IBM Sterling B2B Integrator Standard Edition 5.2.6.0 and 6.2.6.1 could allow a local user to obtain highly sensitive information during a short time period when installation is occuring. IBM X-Force ID: 149607.
CVE-2018-3864
PUBLISHED: 2018-09-20
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long &quot...
CVE-2018-3865
PUBLISHED: 2018-09-20
An exploitable buffer overflow vulnerability exists in the Samsung WifiScan handler of video-core's HTTP server of Samsung SmartThings Hub STH-ETH-250 - Firmware version 0.20.17. The strcpy overflows the destination buffer, which has a size of 40 bytes. An attacker can send an arbitrarily long &quot...
CVE-2018-17254
PUBLISHED: 2018-09-20
The JCK Editor component 6.4.4 for Joomla! allows SQL Injection via the jtreelink/dialogs/links.php parent parameter.