The Securities and Exchange Commission (SEC) announced it has charged a former Equifax manager with engaging in insider trading before the company announced its massive data breach last year. This is the second case the SEC has filed in the aftermath of the breach. In March, the former chief information officer of Equifax’s U.S. business unit was also charged with insider trading.
In the complaint filed in federal court in Atlanta on Thursday (June 28), the SEC charged that Equifax Software Development Manager Sudhakar Reddy Bonthu traded confidential information he received while creating a website for consumers impacted by a data breach. The SEC’s suit alleges that Bonthu traded on the non-public information by purchasing Equifax put options. After Equifax publicly announced the data breach and its stock declined nearly 14 percent, Bonthu sold the put options and netted more than $75,000, a return of more than 3,500 percent on his initial investment.
Bonthu was fired from his position at Equifax in March 2018 after refusing to cooperate with an internal investigation into whether he had violated the company’s insider trading policy.
“As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit,” said Richard R. Best, Regional Director of the SEC’s Atlanta Office. “Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves.”
In addition, the U.S. Attorney’s Office for the Northern District of Georgia filed criminal charges against Bonthu. To settle the SEC’s civil charges, Bonthu has agreed to a permanent injunction and to return the money he made from the illegal trades, plus interest. The settlement is subject to court approval.
This week, Equifax made a deal with eight states’ banking regulators to perform a detailed assessment of cyberthreats, boost board oversight of cybersecurity and improve processes to fix known security vulnerabilities. The company has already revealed that it had spent $68.7 million in the first quarter on costs related to the breach. The company has, so far, spent $242.7 million on breach costs — and more is likely to come, with Equifax predicting in March another $275 million in related expenses.