[BreachExchange] Feds Accuse Equifax CIO Pick Of Insider Trading

[Audrey McNeil]

https://www.pymnts.com/news/security-and-risk/2018/sec-
equifax-insider-trading-data-breach/

The Securities and Exchange Commission (SEC) announced news on Wednesday
(March 14) that it charged a former chief information officer of a U.S.
business unit of Equifax with insider trading over the company’s massive
data breach.

In a press release, the SEC said Jun Ying, who was tapped to be the next
global CIO of Equifax, used confidential information about the data breach
at the company to sell all of his vested stock. According to the agency,
Ying made close to $1 million in proceeds from the stock sales before
Equifax made the data breach — which resulted in the personal information
of 148 million consumers in the U.S. being exposed — public. The SEC said
that by selling his stock ahead of the public disclosure of the data
breach, he avoided greater than $117,000 in stock losses.

“As alleged in our complaint, Ying used confidential information to
conclude that his company had suffered a massive data breach, and he dumped
his stock before the news went public,” Richard R. Best, director of the
SEC’s Atlanta Regional Office, said in the press release announcing the
action. “Corporate insiders who learn inside information, including
information about material cyber intrusions, cannot betray shareholders for
their own financial benefit.”

In addition to the SEC, the U.S. Attorney’s office in the Northern District
of Georgia filed the same criminal charges against the Equifax executive.
With the SEC complaint, Ying is charged with violating antifraud provisions
of federal securities laws and seeks disgorgement of his gains plus
interest, penalties and injunctive relief.

A statement issued by Equifax Interim Chief Executive Officer Paulino Do
Rego Barros Jr. revealed the company had launched an inquiry into Ying’s
actions.

“Upon learning about Mr. Ying’s August sale of Equifax shares, we launched
a review of his trading activity, concluded he violated our company’s
trading policies, separated him from the company and reported our findings
to government authorities. We are fully cooperating with the DOJ
[Department of Justice] and the SEC, and will continue to do so. We take
corporate governance and compliance very seriously and will not tolerate
violations of our policies,” the statement read.

Equifax has been under fire for months after it disclosed its massive data
breach, in which hackers made off with a large amount of personal data,
including Social Security numbers and driver’s licenses. In total, 209,000
credit card accounts were stolen. Earlier this month, Equifax disclosed
that it expects costs from the breach to increase $275 million in 2018,
which could make it the most expensive hack of a corporation ever.

Citing comments the company made on a conference call, Reuters stated the
$275 million would be in addition to the $164 million in pre-tax costs it
reported for the last six months of 2017. Some of the money to be spent in
2018 for the data breach includes technology and security upgrades, legal
fees and free identity theft services for consumers who were impacted by
the cyberattack. At the end of 2017, the cost from the data breach stood at
$439 million.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20180315/ec214d01/attachment.html>