A former Equifax executive faces insider trading charges by the Securities and Exchange Commission in connection with trades he made before the credit reporting company announced a massive data breach last summer.
The SEC says Jun Ying, 42, who was to become the company’s next chief information officer, used confidential information to exercise his vested Equifax stock options and then sell the shares before the company publicly reported a breach that affected more than 145 million people.
Because of the trades, Ying was able to avoid $117,000 in losses, the SEC said Wednesday. He sold the equivalent of $950,000 in stock.
He was the chief information officer of one of Equifax’s business units and a leading candidate to take on the top CIO role at the company. The SEC says he was offered the global CIO job on September 15, 2017, which was also a week after the company disclosed the data breach and the day on which the sitting CIO resigned.
Ying is not one of the Equifax executives who attracted attention for disclosing they sold $1.8 million of stock just days before the breach was made public.
In November, a special committee of Equifax’s board found that the sales, by four executives, were not improper and that none of them knew about the security breach at the time of the sales. The executives were John Gamble, the CFO, Joseph Loughran and Rodolfo Ploder, who run two of its business units, and Douglas Brandberg, a senior staffer in investor relations.
Equifax has acknowledged it discovered suspicious activity in its system in late July. It didn’t disclose the data breach publicly until Sept. 7.
In the interim, it hired an outside law firm to investigate the activity alongside its internal security department. “Project Sierra,” as the investigation was known internally, subjected employees to a trading black out period regarding the company’s stock. A separate team, known as “Project Sparta” was set up to develop a customer website and staff up a call center. The Sparta employees were told they were working on a project for a client, the SEC said its lawsuit on Wednesday.
Ying wasn’t a part of either Sierra or Sparta projects but found out about the Equifax breach through a series of internal communications in late August, in which he inferred that it was Equifax itself and not a client that was the subject of the breach, the SEC said. In the next few days after those communications, Ying researched the stock moves of a competitor company after it announced a data breach.
This story is developing. Please check back for updates.