Jun Ying, former executive at Equifax, has recently been charged by the Security Exchange Commission for insider trading. Ying, the CIO of an Equifax business unit who was poised to become global CIO, sold shares of Equifax for $1 million when he received confidential information about the September 2017 data breach before it was released to the public. Post-announcement, as expected, Equifax stock fell 13%, and Ying was able to circumvent a $117,000 loss.
“Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit,” Richard R. Best said in an SEC statement.
In September 2017, Equifax experienced one of the biggest data breaches in hacking history when 145.5 million Americans (44% of the entire population in the United States) had their personal information stolen. This data included driver’s licenses, social security numbers, and credit card numbers. Earlier this month, the company announced that that number was slightly higher, adding nearly 2.5 million more to the list of compromised identities.
According to the Washington Post, after Ying discovered that there may have been an Equifax breach, he began researching how stock prices were affected by their competitor, Experian. The complaint alleges that Ying started to connect the dots when Equifax put two teams together, called “Project Sierra” and “Project Sparta” to respond to the breach in July. By then, personal had been being mined for three months. Although Ying was not a part of either teams, in August he spoke to an executive about a major theft at the company. Text messages obtained from Ying reveal the following message sent to a colleague:
“Sounds bad. We may be the one breached. … Starting to put 2 and 2 together.”
Ying took some time to weigh his options and conducted research that he hoped would provide him with a resolution. Through his research, he learned that Experian stock took a hit after they experienced a much smaller breach, and within an hour, decided to pull the plug on his own shares. Additional text messages between Ying and his friends confirm that he had used his inside knowledge to make the decision.
The security firm learned of the breach in July, but didn’t announce it publicly until September, leaving ample opportunity for others to ditch their stock as well. Ying isn’t the only executive accused of insider trading. Chief Financial Officer John Gamble also sold nearly $1 million of his stock two days after executives became aware of the hack on July 29th . Joseph Loughran, president of U.S. information solutions, sold $584,099, and Rodolfo Ploder, president of workforce solutions, sold $250,458.
After the initial breach announcement occurred in September, Equifax delivered a weak apology that didn’t help the company improve its image. This resulted in a slew of class-action lawsuits against the company. Today, many Americans are taking Equifax to small claims court, rather than taking the class-action approach. Christian Haigh, who co-founded the finance startup Legalist, successfully won his $8,000 claim (which was later reduced to $5,500), and used some of his funds to help others continue to do the same. According to Haigh, the small claims court process is much more relaxed than the alternative, and he encourages others to follow suit.
“When you’re showing up in small claims court, it’s not a literal battle between you and the other side,” Haigh said in an interview with Inc. magazine. “It might feel like it, but you’re really trying to impress the judge. It’s an arena for regular people to settle grievances.” Haigh went on to say that weaknesses–such as the lack of a law degree–can quickly become strengths in small claims court, where the underdog is treated more favorably than in a higher court system.
Equifax and Experian continue to be lessons for current and future business owners, who are paying much closer attention to security. Even smaller companies are choosing Linux VPS hosting over cheaper options like shared hosting, and employing highly-secured payment gateways on ecommerce sites. According to Gartner Inc., worldwide spend on security solutions is poised to increase by at least 8% in 2018, totaling $96.3 billion. Today, security is a top concern, and with more breaches occurring than ever, business owners must err on the side of caution.
The Equifax breach has pushed many officials to consider an alternative to social security numbers. Experts and Americans around the country are begging the question, “Why does your identity depend on one number?”
According to the Social Security Administration’s history page, social security numbers were never meant to be combined with a person’s identity. Initially, numbers were provided to track a person’s work history and deliver appropriate work benefits.
In an interview with the Denver Post, Mark Rotenberg, president of the Electronic Privacy Information Center at Georgetown University law school said, “I warned Congress more than 25 years ago that it was a mistake to allow the Social Security number to be used as a general purpose identifier. And over the last 25 years, the United States has experienced a dramatic increase in identity theft and financial fraud, largely traced to the growing use of the SSN.”