Prison Sentence Handed Down to Equifax Exec After Data Breach Drew Wilson | July 2, 2019 More fallout has happened from the 2017 data breach. A judge has handed down a prison sentence as well as a fine to a former executive of Equifax. It was a data breach that gripped the American population throughout 2017 and 2018. The breach took place in 2017. Originally reported as affecting 123 million Americans, by March of 2018, the number of reported people affected by it rose to 145 million. Naturally, lawsuits were filed against the company among other things. The breach, of course, is controversial in many aspects. For one, many of those affected by the breach didn’t necessarily sign contracts with the company or anything. All they know is that their personal information such as social security numbers and other pieces of info suddenly fell into the hands of hackers. Another controversy is what one executive did. Upon learning about the data breach, the executive in question allegedly waited multiple weeks before deciding to inform the public. Why the holdup? As it turns out, the executive allegedly spent that time researching share prices following a major breach and then sold his shares. Only after did he allow the information about the breach go public. Critics, of course, were furious at that revelation. Some cynics figure that this insider trading would go unpunished. Others actively asked how this is not illegal. As it turns out, it wasn’t just critics asking these questions either. It seems prosecutors were asking some pretty similar questions themselves. After investigating, they actually went forward with prosecution for insider trading. Now, those questions have resulted in a prison sentence handed down to a former Chief Information Officer (CIO). From ZDNet: Jun Ying served as the CIO of the credit rating agency’s US Information Solutions arm at the time a 2017 data breach resulted in the exposure and theft of information belonging to roughly 145 million US citizens. After examining how rival company Experian suffered after a 2015 data breach, two days after the discovery of the incident, Ying exercised his stock options and received a total of 6,815 shares. The 44-year-old executive then sold all of his stock, resulting in payment of over $950,000. According to US prosecutors, the insider trading benefited Ying to the tune of over $480,000 and circumvented a loss of over $117,000. Several weeks later, Equifax publicly admitted to the data breach and the firm’s share price plummeted. Ying pleaded guilty to insider trading and was sentenced to four months in prison with a year of supervised release. In addition, the former CIO was fined $55,000 and ordered to pay $117,117 in restitution. “Ying thought of his own financial gain before the millions of people exposed in this data breach even knew they were victims,” said US Attorney Byung Pak. “He abused the trust placed in him and the senior position he held to profit from inside information.” The report points out that Ying isn’t the only one who was prosecuted for the breach either. An Equifax manager was also sentenced as well back in 2018. From the Department of Justice: Sudhakar Reddy Bonthu, a former manager at Equifax, was sentenced today after pleading guilty to insider trading. Bonthu bought and sold Equifax stock options before Equifax’s data breach was publicly announced, while working as a member of the team assembled to respond to the company’s massive data breach in 2017. “Bonthu intentionally took advantage of information entrusted to him in order to make a quick profit,” said U.S. Attorney Byung J. “BJay” Pak. “The integrity of the stock markets and the confidence of investors are impaired by those who use nonpublic information for personal gain.” On September 1, 2017, Bonthu bought 86 “put” options in Equifax stock that expired on September 15, 2017. Those options allowed him to profit if the value of Equifax stock dropped within that two-week period. These trades also violated company policy, which did not allow employees to purchase option contracts in Equifax common stock. Equifax publicly disclosed the data breach on September 7, 2017, and its stock fell the next day. Bonthu then exercised his put options, making a profit of more than $75,000. Sudhakar Reddy Bonthu, 44, of Atlanta, Georgia, was sentenced to eight months of home confinement by U.S. District Court Judge Amy Totenberg. He was fined $50,000 and he was also ordered to forfeit $75,979. At the very least, this is definitely a response to cynics who felt that such activity would go unpunished. The debate surrounding this case will likely shift from whether or not someone is going to be punished to whether or not these fines and confinement is enough. Either way, quite the interesting development here. Drew Wilson on Twitter: @icecube85 and Facebook.