The former chief information officer of Equifax’s U.S. business admitted in court that he dumped nearly $1 million in company stock after learning of the massive data breach at the credit reporting agency, but before the breach was disclosed to the public.
Jun Ying, the former chief information officer of Equifax’s U.S. Information Solutions business, was accused of using non-public information to make trades on Equifax stock and profiting off of the breach.
According to the Securities and Exchange Commission and Department of Justice, Ying became aware of the breach more than a week before it was announced and used that knowledge to exercise all of his available stock options to buy Equifax shares and immediately sell them.
The total proceeds of Ying’s stock sales were more than $950,000, and he realized a gain of more than $480,000 on the trades.
According to the authorities, by selling his stock before the breach was disclosed, Ying avoided more than $117,000 in losses that he would have suffered when the company’s stock tanked after the breach became public.
According to the SEC, Ying’s position in the company and the information passed to him allowed him to deduce that the company was the victim of a data breach in late August, more than a week before the breach was disclosed to the public.
Court documents show that Ying was a member of “Project Sparta,” an internal team formed at Equifax to deal with notification and remediation plan for the millions of consumers affected by the breach, although those Equifax employees were not aware at the time that the breach in question had happened.
The Project Sparta team was told that that they were working for an unnamed client that had experienced a large data breach.
But, Ying eventually deduced that it was likely Equifax itself that was breached.
On Friday, Aug. 25, 2017, Ying texted a co-worker that the breach they were working on “sounds bad. We may be the one breached.”
The following Monday, Aug. 28, 2017, Ying allegedly began searching the internet for information about the 2015 data breach at Experian and how that breach affected the company’s stock price.
Later that morning, Ying exercised all of his stock options, resulting in him receiving 6,815 shares of Equifax stock, which he then sold for total proceeds of more than $950,000.
Two days later, Ying was officially notified of the breach by company executives but did not tell anyone that he had exercised and sold all of his vested Equifax options just two days before.
Ying was the chief information officer of the company’s U.S. business, and was actually the leading candidate to replace Dave Webb as the global chief information officer after Webb “retired” in the immediate aftermath of the breach’s disclosure.
That role ended up going to Mark Rohrwasser, who was appointed interim chief information officer. Rohrwasser joined Equifax in 2016 and previously led Equifax's international IT operations.
According to the SEC, Ying was actually offered the job when Webb retired but the offer was pulled after the company’s senior executives learned of Ying’s questionable trades.
Following an internal investigation into Ying’s trading, Equifax concluded that he violated the company’s insider trading policy and that his employment should be terminated, the SEC said. At the conclusion of that investigation, Ying agreed to resign.
Later, Ying was charged by the SEC and DOJ, and eventually pleaded guilty to the charges facing him.
And this week, Ying was sentenced to sentenced to four months in prison, followed by one year of supervised release. Ying was also ordered to pay restitution of $117,117.61, and fined $55,000.
“Ying thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims,” said U.S. Attorney Byung Pak. “He abused the trust placed in him and the senior position he held to profit from inside information.”
Ying is actually the second former Equifax employee to admit to profiting off the breach. Last year, Sudhakar Reddy Bonthu, a former software development manager for Equifax’s Global Consumer Services team, pleaded guilty to a charge of insider trading that stemmed from purchasing options in advance of Equifax’s disclosure of the breach.