The Securities and Exchange Commission (SEC) today charged former Equifax U.S. Information Systems Chief Information Officer Jun Ying with insider trading, according to an SEC complaint.
The SEC complaint alleges that Ying leveraged insider information about the massive Equifax breach of 2017 to avoid more than $100,000 in stock losses.
According to the SEC complaint:
"Defendant Jun Ying (“Ying”) committed securities fraud by engaging in illegal insider trading. After being entrusted with material, nonpublic information about a massive cyber-intrusion and data breach suffered by his employer, Equifax Inc. (“Equifax” or “the company”), Ying exercised all his vested Equifax stock options and sold the shares prior to the public announcement of the breach. By selling when he did, Ying avoided losses in excess of $117,000."
The massive Equifax breach -- involving more than 143 million consumer identities -- triggered multiple executive resignations in 2017. The departures included Equifax Global Chief Information Officer David Webb and Chief Security Officer Susan Mauldin, and former CEO Richard Smith.
SEC Timeline Against Former Equifax U.S. CIO
In the case against Ying, the SEC rolls out a lengthy timeline (dates and times) containing texts, emails and phone call summaries. Among the key dates mentioned in the SEC complaint:
- Mid-2017: Equifax discovers the breach in mid-2017. Discussion about the breach was initially limited to a forensics team and selected Equifax insiders, among others. Ying is not looped in at this point.
- August 25, 2017: Several Equifax IT personnel, including Ying, received an email about a breach opportunity. While the email didn't disclose Equifax as a victim, Ying put two and two together and realized Equifax was the victim, the SEC alleges. For instance, Ying allegedly searched the Internet to learn how a breach at Experian had impacted that company's stock price.
- August 28, 2017: Ying allegedly sold $950,000 worth of Equifax stock options. The transaction allowed Ying to avoid more than $117,000 in losses once the breach became public news, the SEC alleges.
- August 30, 2017: Equifax's Global CIO officially told Ying that Equifax had been breached, the SEC says.