The Securities and Exchange Commission (SEC), the federal regulatory authority for the financial market in US has charged former Equifax CIO of US Information Systems business unit, Jun Ying of insider trading in a probe following the massive data breach affecting more than 143 million US consumers.
The agency has charged Jun Ying under the provisions of insider trading in shares of Equifax in 2017, just a few days prior to the bombshell announcement of a severe breach of Equifax system, exposing personal data and sensitive information of more than 143 million people. Days prior to the announcement, Ying has sold company stock worth over $1 million in which he avoided more than $117,000 in losses, based on the information privy to few people in the company including Ying. The company shares took a beating of more than 14 percent after the company reported the data breach on September 7th, 2017.
Jun Ying got the first indication of system breach on August 25th, when his employer sent emails alerting of a “very large breach opportunity” that would require scaling up its IT systems to process. The top company officials has kept the information of data breach secret from its employees and instead suggested it involved an Equifax client. But Ying on certain digging of information based on additional information he received got to know about the breach which he confirmed from global CIO.
Ying then allegedly accessed his company sponsored stock plan and exercised all his vested interest to buy Equifax shares which he sold for total proceeds of more than $950,000.
The SEC has filed for action as an administrative proceeding and is seeking injunctive relief, disgorgement of ill-gotten gains, and the imposition of civil monetary penalties. In addition to SEC charges, the US Attorney’s office for the Northern District of Georgia has also put similar criminal charges against Ying.
The prosecutor to the case wrote in Wednesday’s complaint: “These securities transactions were made on the basis of material nonpublic information and breached the duty of trust and confidence that Ying owed to Equifax and its shareholders. Ying knew or was reckless in not knowing that the information that Equifax itself was the victim of a major cybersecurity breach was material and nonpublic, and Ying used that information when making these securities transactions.”
Following the announcement of the data breach and resignation of then Equifax CIO, Ying got an offer from Equifax on September 15th to become its Global CIO which was later withdrawn after learning of the stock sales. The company issued a statement on Wednesday saying:
“Upon learning about Mr Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company, and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC and will continue to do so.”
“We take corporate governance and compliance very seriously and will not tolerate violations of our policies.”