A former manager at Equifax admitted in court last week that he used non-public information to profit off of the credit reporting agency’s data breach that exposed the data of more than 148 million American consumers to hackers.
According to the Department of Justice, Sudhakar Reddy Bonthu pleaded last week to a charge of insider trading that stemmed from purchasing options in advance of Equifax’s public disclosure of its data breach.
Earlier this year, Bonthu became the second Equifax employee to be charged with insider trading ahead of the company’s breach announcement. In March, the company’s former chief information officer of its U.S. information solutions business, Jun Ying, was also charged with insider trading.
Bonthu served as a software development manager for Equifax’s Global Consumer Services team in August 2017. In that position, Bonthu was privy to certain information that led him to determine that Equifax was the victim of the breach.
On Aug. 25, 2017, Bonthu and other Equifax employees were asked to work on a response to a data breach, but were not told that the breach was about Equifax itself.
Later that month, Bonthu learned that at least 100 million people’s information, including names and Social Security numbers, was exposed as part of the breach.
That, combined with other information, led Bonthu to figure out that Equifax was the victim of the breach he’d been working on.
In early September, Bonthu used that knowledge to buy 86 put options in Equifax stock that expired on Sept. 15, 2017. Those options allowed him to profit if the value of Equifax stock dropped within a two-week period.
Equifax first revealed the data breach on Sept. 7, 2017, which led to its stock falling the following day. Bonthu then exercised his put options on Equifax stock, leading to a profit of more than $75,000.
Bonthu appeared in federal court last week and admitted to using the breach information to buy the options and make the trades in question.
“Bonthu was privy to nonpublic information pertaining to Equifax’s data breach, and he violated the law when he used that knowledge to enrich himself,” said U.S. Attorney Byung Pak. “Our office will continue investigate and prosecute those who take advantage of their positions for illegal gain.”
Besides Bonthu and Ying, other Equifax executives were accused of insider trading. In the wake of the breach first being exposed, questions were raised about the stock trades of four company executives – John Gamble, chief financial officer; Joseph Loughran, president, U.S. information solutions; Rodolfo Ploder, president, workforce solutions; and Douglas Brandberg, senior vice president, investor relations.
Those executives made the trades of company stock in the period between when the breach took place and when Equifax disclosed it to the public.
A company investigation later found that none of the four execs were aware of the data breach when they made the trades in question, but that wasn’t the case for Bonthu.
“Bonthu used confidential information to determine that his company had suffered a massive data breach and then violated company policy to illegally profit from it,” said Richard Best, Director of the Securities and Exchange Commission’s Atlanta Regional Office. “Corporate employees cannot take advantage of their access to sensitive information and unlawfully benefit from it.”
Bonthu is due to be sentenced on Oct. 18, 2018.