Equifax announced on 7 September that it had discovered a months-long data breach that potentially exposed the personal information of 143 million people in the United States as well as some 700,000 in the UK.
Jun Ying, who was Equifax’s US chief information officer (CIO) at the time the company was hacked a year ago, faces criminal charges filed by the US Attorney’s Office for the Northern District of Georgia and anti-fraud civil charges filed by the US Securities and Exchange Commission.
“Numerous additional communications [that evening] informed Ying that this breach was unusual, and indicate that Ying used the information entrusted to him as an Equifax employee to conclude that Equifax was the victim of the breach”, the SEC alleged.
He added: “Corporate insiders who learn inside information, including information about material cyber intrusions, can not betray shareholders for their own financial benefit”.
Jun Ying, former chief information officer of a U.S. business unit of Equifax, faces civil and criminal charges from the Securities and Exchange Commission and U.S. Attorney’s Office for the Northern District of Georgia. The U.S. Attorney’s office in Atlanta filed criminal charges against Ying, according to a separate statement.
After learning that rival Experian’s shares dipped 4% after it disclosed an earlier security breach, he allegedly exercised his stock options and sold the shares the following Monday.
Ying did not receive a severance package, said the Atlanta-based firm, which is one of the nation’s three major credit-reporting bureaus.
That guidance and the charges against Ying will likely prompt publicly-held companies to implement new procedures for dealing with trades by employees following a breach, Axelrod said. “We may be the one breached”, the Department of Justice said in its statement. “Starting to put 2 and 2 together,” Ars Technica wrote.
At the end of 2017, alarm bells rang when four senior managers – chief financial officer John Gamble, president of U.S. information solutions Joseph Loughran, president of workforce solutions Rodolfo Ploder, and senior veep of investor relations Douglas Brandberg – sold off company stock worth a total of about $1.8m. Another executive, Douglas Brandberg, also sold about $251,000 in shares on August 2, 2007. Those executives – Chief Financial Officer John W. Gamble; Joseph M. Loughran III, president of US information solutions; and Rodolfo O. Ploder, president of workforce solutions – sold large amounts of their shares of Equifax stock before news of the breach become public and made $2 million in profits. Equifax concluded on October 16 that Ying had violated the company’s insider-trading policy and that he should be terminated, prompting his resignation, the SEC said.
“We are fully cooperating with the DOJ and the SEC, and will continue to do so”, Barros said in a statement.