The fall out from the Equifax data breach continues to crash down on the company after a former executive has been charged with insider trading for selling almost $1m (£720,000) in stock before the attack was publicly disclosed.
Jun Ying was Equifax’s US chief information officer at the time – and reportedly in line for the global CIO job – but has since been ousted.
He is the first to be charged, although it has been alleged that three other senior staff also sold hundreds of thousands of dollars in shares just days before the firm went public.
Ying faces criminal charges filed by the US Attorney’s Office for the Northern District of Georgia and anti-fraud civil charges filed by the Department of Justice (DoJ) and the Securities & Exchange Commission (SEC).
According to the indictment, Ying was asked to assist in the response to the breach in August, although he was initially told the hack had hit an Equifax customer, not the company itself.
However, it is claimed Ying worked out what had happened before he was officially informed by Equifax, and sent two text messages to a colleague which read: “Sounds bad. We may be the one breached” and “I’m starting to put 2 and 2 together”.
He then looked online to see how a major hack on rival Experian had affected the company’s stock price. Within an hour of discovering how Experian’s shares had plummeted after a much smaller hack, Ying exercised all of his Equifax stock options and sold those shares for $950,000 (£680,000).
According to the filing, he would have made $117,000 (£84,000) less if he had sold those shares after the breach was made public.
“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard Best, director of the SEC’s Atlanta regional office. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
The SEC is calling for Ying pay back the money, plus interest, that he saved by selling the shares before the disclosure, along with a judgment prohibiting him from being employed as an officer or director of a publicly traded company.
Equifax could face final bill of $600m for data breach
Equifax can’t find addresses for 14 million customers
FCA launches investigation into Equifax breach farce
The farce continues: Equifax now says 694,000 Brits hit
Equifax chief ‘misled Congress over mass data breach’
Equifax: Oops we’ve found another 2.5m stolen records
Equifax CEO is ‘retired’ as company reels from breach
Equifax blunders on after sending users to fake website
Equifax admits that 400,000 Brits hit by US breach
Flaw on Equifax system was exposed over 6 months ago