The Securities and Exchange Commission (SEC) announced news on Wednesday (March 14) that it charged a former chief information officer of a U.S. business unit of Equifax with insider trading over the company’s massive data breach.
In a press release, the SEC said Jun Ying, who was tapped to be the next global CIO of Equifax, used confidential information about the data breach at the company to sell all of his vested stock. According to the agency, Ying made close to $1 million in proceeds from the stock sales before Equifax made the data breach — which resulted in the personal information of 148 million consumers in the U.S. being exposed — public. The SEC said that by selling his stock ahead of the public disclosure of the data breach, he avoided greater than $117,000 in stock losses.
“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” Richard R. Best, director of the SEC’s Atlanta Regional Office, said in the press release announcing the action. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
In addition to the SEC, the U.S. Attorney’s office in the Northern District of Georgia filed the same criminal charges against the Equifax executive. With the SEC complaint, Ying is charged with violating antifraud provisions of federal securities laws and seeks disgorgement of his gains plus interest, penalties and injunctive relief.
A statement issued by Equifax Interim Chief Executive Officer Paulino Do Rego Barros Jr. revealed the company had launched an inquiry into Ying’s actions.
“Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ [Department of Justice] and the SEC, and will continue to do so. We take corporate governance and compliance very seriously and will not tolerate violations of our policies,” the statement read.
Equifax has been under fire for months after it disclosed its massive data breach, in which hackers made off with a large amount of personal data, including Social Security numbers and driver’s licenses. In total, 209,000 credit card accounts were stolen. Earlier this month, Equifax disclosed that it expects costs from the breach to increase $275 million in 2018, which could make it the most expensive hack of a corporation ever.
Citing comments the company made on a conference call, Reuters stated the $275 million would be in addition to the $164 million in pre-tax costs it reported for the last six months of 2017. Some of the money to be spent in 2018 for the data breach includes technology and security upgrades, legal fees and free identity theft services for consumers who were impacted by the cyberattack. At the end of 2017, the cost from the data breach stood at $439 million.