A former Equifax executive was charged Wednesday with using inside knowledge to sell almost $1 million of stock before the credit-reporting firm's disclosure of a cyber-attack that exposed personal data for nearly half the country.
Jun Ying, a divisional manager who was offered a promotion to global chief information officer before the company discovered his trades, learned in August that Equifax had suffered a major breach, according to a Securities and Exchange Commission's civil complaint.
He then exercised all of his vested stock options and immediately sold the shares, netting $950,000 -- and avoiding more than $117,000 in losses once investors learned what had happened, according to the U.S. Attorney's Office in Atlanta, which said Ying had been indicted on a criminal insider trading charge.
The indictment and the SEC complaint bring renewed investor attention to stock sales by company executives in the weeks between the Atlanta-based company's discovery of the hack and its Sept. 7 disclosure that personal identification data for about 148 million Americans, including driver's license information, Social Security numbers and birth dates, had been exposed.
A group of three dozen Democratic and Republican senators subsequently wrote to SEC Chair Jay Clayton, Attorney General Jeff Sessions and acting Federal Trading Commission Chairwoman Maureen Ohlhausen asking for an investigation into the sales of more than $1.5 million company securities by senior executives.
Equifax said those executives didn't know about the breach at the time of their transactions but pointed out shortly afterward that its top information and security officers were leaving, without naming them or saying why.
The credit-monitoring firm's stock plummeted 21 percent in just two days of trading following the disclosure, and remains 14 percent below its previous price of $142. As backlash mounted, including lawsuits, then-Chief Executive Officer Richard Smith stepped down, forfeiting a bonus valued at $3 million in previous years, and Congress held brutal hearings with executives.
Several lawmakers suggested that executives should have known the firm's data was a gold mine for hackers and installed the digital equivalent of security protections at Fort Knox, the U.S. gold depository in Kentucky. Some said the company should give up a $7.25 million contract to help the Internal Revenue Service verify taxpayer identities.
One of them was Sen. Elizabeth Warren, a Massachusetts Democrat and member of the Senate Banking Committee, who has pushed for Congress to set strict cybersecurity standards for credit reporting firms like Equifax, Experian and TransUnion. Government regulators should be able to fine the companies when they fail to safeguard their data, she added.
Prosecuting cases like the one against Ying sends "a strong message to company insiders that they must follow the same rules that govern regular investors," said David LeValley, special agent in charge of the FBI's Atlanta office. The conduct described by investigators undermines "the public's confidence in the nation's stock markets," he added.
Equifax said it's cooperating fully with the probes.
“Upon learning about Mr. Ying’s August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company’s trading policies, separated him from the company and reported our findings to government authorities," interim CEO Paulino Do Rego Barros said in a statement. “We take corporate governance and compliance very seriously, and will not tolerate violations of our policies.”
Nonetheless, the company has yet to be held fully accountable, said Sen. Ben Sasse, a Nebraska Republican who also serves on the Banking Committee.
"This isn’t a one-and-done problem for the millions of families who are still at risk," he noted. "This goes way beyond today’s news cycle and beyond Mr. Ying’s trial – years from now, there are going to be families who can’t get home loans, families who have terrible credit scores, and families who are stuck fighting fraudulent charges because of Equifax. Someone has to answer for this."