Equifax CIO Charged with Breach-Related Insider Trading

Equifax Insider Trading

Jun Ying, the former CIO of a US subdivision of Equifax and the next in line for the global Equifax CIO position, has been charged with insider trading by the Securities and Exchange Commission (SEC). Ying allegedly dumped stocks in the company prior to the public revelations of the devastating data breach of 2017.

According to the SEC charges, Ying used his position to learn of the breach before the public, researched the potential stock damage that could result, then before the disclosure exercised his stock options and sold nearly $1 million in Equifax shares. By doing so, he alleged saved over $100,000.

In the wake of the arrest, Equifax released a statement: “Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC, and will continue to do so. We take corporate governance and compliance very seriously, and will not tolerate violations of our policies.”

Evidence from investigations into the credit reporting and monitoring company suggests that even some within the company were unaware of the breach, or of the full extent of the damage, until the public disclosures. An internal email by Ying was written in what appears to be an intentionally misleading about the nature of the breach.

This is the first outright criminal charge levied against an Equifax executive since they suffered a data breach of identity information for over 147 million people. The breach is considered one of the worst in history in terms of severity. The insider trading charges against Ying fits with Senator Elizabeth Warren’s (D-MA) accusation that the company was and is attempting to profit off of their data breach and botched their response to the breach.

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.
Ben Canner