Content, Breach, Security Staff Acquisition & Development

SEC Charges Former Equifax U.S. CIO With Insider Trading

The Securities and Exchange Commission (SEC) today charged former Equifax U.S. Information Systems Chief Information Officer Jun Ying with insider trading, according to an SEC complaint.

The SEC complaint alleges that Ying leveraged insider information about the massive Equifax breach of 2017 to avoid more than $100,000 in stock losses.

According to the SEC complaint:

"Defendant Jun Ying (“Ying”) committed securities fraud by engaging in illegal insider trading. After being entrusted with material, nonpublic information about a massive cyber-intrusion and data breach suffered by his employer, Equifax Inc. (“Equifax” or “the company”), Ying exercised all his vested Equifax stock options and sold the shares prior to the public announcement of the breach. By selling when he did, Ying avoided losses in excess of $117,000."

The massive Equifax breach -- involving more than 143 million consumer identities -- triggered multiple executive resignations in 2017. The departures included Equifax Global Chief Information Officer David Webb and Chief Security Officer Susan Mauldin, and former CEO Richard Smith.

SEC Timeline Against Former Equifax U.S. CIO

In  the case against Ying, the SEC rolls out a lengthy timeline (dates and times) containing texts, emails and phone call summaries. Among the key dates mentioned in the SEC complaint:

  • Mid-2017: Equifax discovers the breach in mid-2017.  Discussion about the breach was initially limited to a forensics team and selected Equifax insiders, among others. Ying is not looped in at this point.
  • August 25, 2017: Several Equifax IT personnel, including Ying, received an email about a breach opportunity. While the email didn't disclose Equifax as a victim, Ying put two and two together and realized Equifax was the victim, the SEC alleges. For instance, Ying allegedly searched the Internet to learn how a breach at Experian had impacted that company's stock price.
  • August 28, 2017: Ying allegedly sold $950,000 worth of Equifax stock options. The transaction allowed Ying to avoid more than $117,000 in losses once the breach became public news, the SEC alleges.
  •  August 30, 2017: Equifax's Global CIO officially told Ying that Equifax had been breached, the SEC says.

Equifax Statement on Former U.S. CIO

In an Equifax statement issued today (March 14, 2018), the company said:

“Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC, and will continue to do so. We take corporate governance and compliance very seriously, and will not tolerate violations of our policies.”

MSSP Alert could not reach Ying for comment.

Federal official are also investigating other former Equifax executives who sold millions of dollars in company stock in early August, also before Equifax announced the breach but after news of it spread through the company, The Hill reports. An internal Equifax investigation found no wrongdoing from the three former executives, that report notes.

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.