Federal authorities have charged a former CIO of Equifax, who allegedly sold about $1 million in stock options before the company announced a massive data breach, with insider trading.
By selling the stocks before the breach disclosure, the US Securities and Exchange Commission alleges that Jun Ying saved about $117,000 in losses, according to a March 14 statement from the commission detailing its investigation. The US Attorney's Office for the Northern District of Georgia has also charged Ying with insider trading.
Ying, 42, of Atlanta, had been the CIO of Equifax's US business, and had been in line to become the global CIO before the data breach.
US Attorney Byung J. "BJay" Pak issued a statement Wednesday, following the grand jury's indictment, noting that Ying took advantage of his position as CIO to sell his stock options before the data breach news became public.
"This defendant took advantage of his position as Equifax's USIS Chief Information Officer and allegedly sold over $950,000 worth of stock to profit before the company announced a data breach that impacted over 145 million Americans," Pak said. "Our office takes the abuse of trust inherent in insider trading very seriously and will prosecute those who seek to profit in this manner."
Ying learned of the breach on August 25, 2017, and wrote to a co-worker: "Sounds bad. We may be the one breached," according to the indictment. Ying then began researching the financial effects of other data breaches the following Monday. After that, he sold 6,815 shares of Equifax stock, receiving proceeds of over $950,000, and gains of over $480,000.
On September 7, 2017, Equifax announced a data breach -- one of the largest ever recorded -- that exposed the exposed the social security numbers and other personal information of about 148 million customers in the US. The company's stock dropped following the disclosure. (See Equifax Breach Points to Similar Security Concerns – Report.)
In February, Equifax announced a new chief information security officer (CISO) to oversee the company's information security infrastructure. (See Equifax Taps Former Home Depot Security Chief as New CISO.)
The fact that Equifax's company officers sold stock before disclosing the data breach led the SEC to update its guidelines about how businesses need to disclose cyber attacks to the public. (See Equifax, Intel Help Spur SEC to Update Cybersecurity Regulations.)