Federal prosecutors on Wednesday charged a former Equifax executive with insider trading, alleging that he profited from confidential information about the massive data breach at the company that compromised sensitive data of 148 million people.
Jun Ying, former chief information officer of a U.S. business unit of Equifax, faces both civil and criminal charges from the Securities and Exchange Commission and U.S. Attorney’s Office for the Northern District of Georgia.
”Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” Richard R. Best, Director of the SEC’s Atlanta Regional Office, said in a statement.
Equifax disclosed last year that hackers had obtained sensitive information, including Social Security numbers and dates of birth, for more than 143 million people. The breach began in May and was discovered by the company on July 29.
According to the complaint, Equifax began assembling teams, “Project Sierra” and “Project Sparta” to respond to the breach. At the time, Ying, 42, had already worked at Equifax since 2013 and was a leading candidate to become the global chief information officer of the firm. But he was not initially part of either team responding to the breach.
Then in late August, according to the complaint, Ying began to realize the company had been victim of a major breach. After a call with a high-ranking executive, Ting texted to a colleague: “Sounds bad. We may be the one breached. … Starting to put 2 and 2 together.”
A few days later, Ying searched online to determine how a major cyberbreach had affected the stock price of one of Equifax’s competitors, Experian. Within an hour of discovering how Experian’s stock price had suffered after a much smaller hack, Ying exercised all of his vested Equifax stock options, according to the complaints. He then sold those shares for nearly $1 million.
The next day, according to the indictment, Ying texted a friend: “I think some big media announcement is coming about us. … I think it might be bad.” Nine days later Equifax publicly announced that it had been breached, sending its stock price plummeting. If Ying had waited until the news of the breach had made public, he would have suffered losses of $117,000, according to the SEC complaint.
“The alleged actions of this defendant undermine the public’s confidence in the nation’s stock markets,” David J. LeValley, special agent in charge of FBI Atlanta, said in a statement.
Ying’s attorney declined to comment.
The news is likely to revive public outrage at Equifax’s bungled public response to the breach, including a post on its Twitter page that mistakenly directed consumers in search of help to a fake site pretending to be Equifax. It also drew fire for initially requiring consumers to agree not to join a class-action lawsuit to get some forms of help. Earlier this month, Equifax said that 2.4 million more consumers than previously reported were affected by the massive data breach, bringing the total of those affected to as many as 147.9 million consumers or about half the country.
Equifax was also heavily criticized after the discovery that three other Equifax executives had sold stock after the company knew of the breach but before it was made public. Those executives — Chief Financial Officer John W. Gamble; Joseph M. Loughran III, president of U.S. information solutions; and Rodolfo O. Ploder, president of workforce solutions — sold large amounts of their shares of Equifax stock and made $2 million in profits. The case filed against Ying does not mention those executives.