Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Cloud

6/29/2018
11:15 AM
50%
50%

Equifax Software Manager Charged with Insider Trading

Sudhakar Reddy Bonthu used insider information about the company's 2017 data breach to profit in stock transaction.

Fallout from the epic Equifax data breach just keeps coming: A second employee of the credit-monitoring firm has been charged with insider trading in connection with the attack.

Former Equifax software development manager Sudhakar Reddy Bonthu, 44, was arraigned in US District Court in Atlanta this week. Bonthu allegedly using his inside knowledge of the 2017 data breach before it was made public and purchased so-called "put" stock options that allowed him to earn more than $75,000 in profit when the announcement was made and Equifax's stock dropped.

Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach.

Read more here

 

Black Hat USA returns to Las Vegas with hands-on technical Trainings, cutting-edge Briefings, Arsenal open-source tool demonstrations, top-tier security solutions and service providers in the Business Hall. Click for information on the conference and to register.

Dark Reading's Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article. View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Page 1 / 2   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
7/2/2018 | 5:05:20 PM
Re: CIO
@blackjack: To say nothing of the fact that there is no such thing as 100% secure -- unless you have 0% accessibility.

Moreover, to open CIOs and their ilk up to criminal charges for this kind of thing would mean that they would command mega-salaries in excess of their CEOs -- so as to compensate for the risk.
REISEN1955
0%
100%
REISEN1955,
User Rank: Ninja
7/2/2018 | 10:31:58 AM
Re: Best Practice?
I cannot help but think that many Equifax employees will have great new careers at Wells Fargo. LOL
BradleyRoss
50%
50%
BradleyRoss,
User Rank: Moderator
6/30/2018 | 2:26:14 PM
Re: Best Practice?
I think that the problem is that there is no defined best practice with regard to securing the data.  The comment that I heard from someone at the FBI was that if they published a best practice or good practice document, people might hold them to it and use the document to avoid legal penalty.  I was somewhat incredulout about this answer since it meant that lack of a "good practices" document made it almost impossible to bring a legal charge against the firm.

Insider trading is a different matter in the law more clearly specifies what constitutes a breach of the law.  It is therefore much easier to bring criminal charges and obtain a guilty verdict.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:16:24 AM
Re: CIO
Come on, reality check. If we charged every CIO who oversaw a network that wasn't 100% secure, and/or patched.... you'd be charging EVERY CIO. Drop down to 90% secure/patched and you'd only have to charge 90% of CIO's, etc. Veracode publicly said they saw 90% of their customers STILL had systems with the same Apache Struts app unpatched six months after Equifax. Not making excuses for them, but being outraged doesnt change reality.... every company has similar issues, and everyone's data was already stolen.
blackjack0021
50%
50%
blackjack0021,
User Rank: Apprentice
6/30/2018 | 1:08:11 AM
Re: Best Practice?
First, he didn't sell stock he already owned to avoid the decrease in value. He purposefully purchased PUT options. Meaning he placed a bet the stock would drop, and when it did he cashed in. Second, google insider trading wiki. Best practice doesn't mean anything here, there are specific laws that say what you are NOT ALLOWED to do. And yes, you could be stuck knowing your stock is about to become worthless, and you can't legally sell it before the news breaks, or warn others to do so.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:49:49 PM
CIO
Equifax's former chief information officer, Jun Ying, earlier this year pleaded not guilty to charges of insider trading related to the data breach Charges on insider trading? How about not securing the network as it should be, so no charge on that!
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:48:04 PM
Re: Best Practice?
This is a cynical representation of it of course but seriously I can't fathom being in that position and would like someone who is better versed legally to shed some light on the matter. I would say this would depend on circumstances of the case, each case would be different, mainly around intention.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:46:42 PM
Re: Best Practice?
Can someone explain to me what is best practice in these scenarios? I think this is a good question. I am not sure if thee is a best practice in this case.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:45:09 PM
Re: Not Surprising
I would be surprised however if it was to be the last person charged in light of the Equifax breach. I would agree. But these are mistakes after the mistakes, not root course of the problem they are in.
Dr.T
50%
50%
Dr.T,
User Rank: Ninja
6/29/2018 | 2:44:16 PM
Fallout
Fallout from the epic Equifax data breach just keeps coming For me it it is better to focus on why these type of massive attacks happenin the first place and the focus on what people did wrong once it happened. We have no clue what went wrong.
Page 1 / 2   >   >>
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15540
PUBLISHED: 2019-08-25
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
CVE-2019-15538
PUBLISHED: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a ...
CVE-2016-6154
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
CVE-2019-5594
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
CVE-2019-6695
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.