The Securities and Exchange Commission on Wednesday said it had charged a former business executive from credit reporting agency Equifax with insider trading, in the wake of the massive breach that compromised the personal information of more than 147 million Americans.
Continue Reading Below
Jun Ying, who was next in line to be the company’s global CIO, was one of three executives at the company who dumped millions of dollars’ worth of stock after it was discovered that the company had suffered a massive cyberattack, but before that information was publicly disclosed.
According to the SEC, Ying used confidential information to reap benefits of around $1 million from the stock sale, and evaded more than $117,000 in losses.
“As alleged in our complaint, Ying used confidential information to conclude that his company had suffered a massive data breach, and he dumped his stock before the news went public,” Richard R. Best, director of the SEC’s Atlanta Regional Office, said in a statement. “Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit.”
The hack was discovered and stopped by Equifax on July 29, while three top executives, including Ying, collectively sold shares worth nearly $2 million on Aug. 1 and Aug. 2. The public was notified about the breach on Sept. 7.
Insider trading is generally punishable by both a prison sentence and civil and criminal fines, according to the SEC. The maximum prison sentence is now 20 years, while the maximum criminal fine is $5 million. As for civil penalties, individuals may be required to disgorge as much as three times the amount of profits gained, or losses avoided.
During congressional testimony, former CEO Richard Smith said the executives in question had gone through the proper channels to sell company stock. He also said employees were encouraged to sell their shares during a specific window following an earnings report, which is when the stock sale allegedly happened.
Equifax revealed earlier this month an addition 2.4 million consumer accounts had been hit during the 2017 data breach, which took place from mid-May through July of last year. The total number of victims has consequently risen to nearly 148 million.