A former Equifax executive has been sent to prison for insider trading during a data breach in 2017.
Jun Ying was the CIO in the credit rating company’s US Information Solutions in 2017. It was the year the data breach has exposed sensitive data of more than 145 million Americans.
Ying admitted that he sold the company’s shares after realizing that the hacking was taking place. He did this before the company announced the breach to the public.
The US Department of Justice charged Ying following a September 2017 investigation. The US Securities and Exchange Commission formally filed a lawsuit in March 2018 charging him of insider trading.
One evidence showing Ying’s knowledge of the hacking was his private discussion with colleagues about the incident. Another proof was his web searches on the impact of the data breach of Experian on its stock price. Experian is a competitor of Equifax and had also been hit by a hacking incident earlier.
The Justice Department said that Yang had used his knowledge of the cyber attack to his advantage. In selling the stock prices before publicly disclosing the incident, he was able to avoid $117,000 in losses.
U.S. Attorney Byung J. Pak said that Ying thought of his welfare first before the millions of victims. In a statement, Pak added Ying abused the company’s trust in him and his position to profit from the incident.
The 44-year-old former CIO will only serve four months in prison and a year of supervised release. The sentence also included a restitution payment worth $117,000 and a fine of $55,000. Prosecutors had been requesting for one and three months imprisonment and a $75,000 fine apart from the restitution.
Ying is the second former Equifax executive to have been sentenced for insider trading linked to the data breach. Sudhakar Reddy Bonthu, the firm’s former software development manager, was found guilty to a similar charge in 2018. Bonthu had a less severe sentence — only eight months of home confinement and a $50,000 fine.
While bigger hacks have occurred before and after, Equifax’s case stands out because of the level of information involved. As a credit reporting agency, it handles sensitive data that hackers can exploit. They can easily use the addresses, phone numbers, Social Security numbers, and driver’s licenses they’ve stolen for financial crimes.
The data breach has cost Equifax hundreds of millions of dollars aside from denting its reputation. The firm has spent the money on damage control and legal fees.