A former executive at credit reporting agency Equifax has been indicted on charges of insider trading, U.S. prosecutors announced on Wednesday, alleging that he sold his shares after he realized that the company had suffered a massive data breach.
The U.S. Attorney’s Office for the Northern District of Georgia said 42-year-old Jun Ying of Atlanta is facing federal charges of insider trading. He has also been charged by the U.S. Securities and Exchange Commission (SEC) for violating anti-fraud provisions.
It is believed to be the first time that someone has been charged with insider trading for trying to profit from information about a cyber attack.
Ying, who was the Chief Information Officer of Equifax U.S. Information Solutions, realized in August that an internal effort to help a client with a data breach was merely a cover story. “Sounds bad. We may be the one breached .. Starting to put 2 and 2 together,” he said in a text to a co-worker.
At the same time, his demeanor towards requests for assistance suddenly changed, according to court documents. When asked by the project leader if he had any questions, Ying said in a text: “No question right now. Actually, I don’t want to know 😉 I told the team to [rally].”
A few days later, prosecutors say, Ying conducted web searches to determine what the impact was on the stock price of credit reporting agency Experian when it suffered a data breach in 2015. He then exercised all of his available Equifax stock options and sold his shares for $950,000.
Equifax announced the data breach, which affected more than 145 million American citizens, more than a week later, causing its stock price to fall. Ying avoided more than $117,000 in losses by selling his shares before the announcement.
“The alleged actions of this defendant undermine the public’s confidence in the nation’s stock markets,” said David J. LeValley, the Special Agent in Charge of FBI Atlanta. “By prosecuting cases like this, the FBI and [SEC] are sending a strong message to company insiders that they must follow the same rules that govern regular investors. Otherwise, they face the severe consequences for failing to do so.”
Equifax said Ying was fired after an internal investigation found that he had violated the company’s trading policies. Three other executives, who sold more than $1.8 million in shares just 3 days after the breach was discovered, were cleared by the company because they didn’t know.
The breach occurred from mid-May through July 2017 when criminals exploited a vulnerability on a U.S. website to gain access to certain files. It affected more than 145 million Americans, nearly 700,000 Britons, and 19,000 Canadians.
With about 146 million people affected, it was one of the largest cyber security breaches ever reported, affecting nearly half of the U.S. population. Only two other data breaches are known to have affected a larger number of people: one at Adult Friend Finder and one at Yahoo.