A former senior executive at Equifax was charged with insider trading in advance of the company’s September 2017 announcement about a massive data breach. After purchasing thousands of shares of Equifax stock, Jun Ying, Equifax’s ex-chief information officer for its U.S. information-solutions business, dumped the shares shortly before the public became aware of the data breach and made nearly $1 million in proceeds.
Last year, Equifax announced that a massive breach allowed hackers to illegally access the personal information of more than 140 million Americans, including Social Security numbers, birth dates, credit card numbers, and driver’s license numbers. Although Equifax first discovered the unauthorized access on July 29, the company did not make any public announcement until 40 days later, on September 7, 2017.
According to the SEC’s complaint, Ying, who was next in line to be the company’s global CIO, allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach. Before Equifax’s public disclosure of the data breach, Ying exercised all of his vested Equifax stock options and then sold the shares, reaping proceeds of nearly $1 million. According to the complaint, by selling before public disclosure of the data breach, Ying avoided more than $117,000 in losses.
“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” said Richard Best, Director of the SEC’s Atlanta Regional Office. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
“This defendant took advantage of his position as Equifax’s USIS Chief Information Officer and allegedly sold over $950,000 worth of stock to profit before the company announced a data breach that impacted over 145 million Americans,” said U.S. Attorney Byung Pak.
On August 25, 2017, Ying texted a co-worker that the breach they were working on “Sounds bad. We may be the one breached.” Three days later, Ying conducted web searches on the impact of Experian’s 2015 data breach on its stock price and exercised all of his available stock options, resulting in him receiving 6,815 shares of Equifax stock. He then sold the stock for more than $950,000.
On September 7, 2017, Equifax publicly announced its data breach, which resulted in its stock price falling. By selling his shares before the announcement, Ying avoided more than $117,000 of losses.
“Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities,” Equifax’s interim Chief Executive Officer Paulino do Rego Barros Jr. said in a statement on Wednesday. “We are fully cooperating with the DOJ and the SEC, and will continue to do so.”
In September, the Justice Department opened a criminal investigation into Equifax Chief Financial Officer John Gamble, and unit presidents Joseph Loughran and Rodolfo Ploder who sold shares worth nearly $1.8 million shortly after the company discovered the breach. The executives claim they were unaware of the breach when they sold their shares.
Indicted by a federal grand jury on Monday, Ying will be arraigned later this week.