ATLANTA (AP) — A former Equifax executive who sold shares for nearly $1 million a week and a half before the company announced a massive data breach pleaded guilty Thursday in Atlanta to a federal insider trading charge.
Jun Ying, 43, exercised all his available stock options before making the sale and realized a gain of more than $480,000 on the sale, prosecutors said. That's about $117,000 more than it would have been worth immediately after the price plummeted when the breach was disclosed.
Ying, former chief information officer of Equifax's U.S. Information Solutions, was indicted in March 2018 and had previously pleaded not guilty. He is scheduled to be sentenced June 27.
Ying made the sale after receiving information in late August 2017 that led him to realize Equifax was the victim of a breach, prosecutor Chris Huber said in court.
Equifax disclosed the breach Sept. 7, 2017. The Atlanta-based credit reporting company ultimately revealed that the personal information of more than 145 million people had been exposed.
The Securities and Exchange Commission has also accused Ying of insider trading. An SEC spokesman said Thursday that there was no update on that case.
The SEC has said that at the time of the breach, Ying was often entrusted with nonpublic company information and was a leading candidate to become the global CIO of Equifax, a job he was actually offered on Sept. 15, 2017, the same day the company announced CIO Dave Webb would retire.
At the time of Ying's indictment, the company said that it "separated him from the company" upon learning of his sale of Equifax shares and concluding he had violated its trading policies. The SEC complaint says Ying worked at Equifax until October 2017.
Unidentified hackers accessed Equifax databases without authorization from mid-May through July in 2017 and obtained customers' personal information. Federal authorities say Equifax discovered the suspicious activity on its network on July 29, 2017.
The company changed administrative credentials for many of its internal databases a couple of weeks later, in mid-August. Ying was aware of these changes, and employees who reported to him were responsible for some of them.
On Aug. 25, Ying, along with several employees who reported to him, were asked to help respond, although they were told then that the work involved a potential Equifax customer, not Equifax itself, the indictment says.
"Sounds bad. We may be the one breached," and "I'm starting to put 2 and 2 together," Ying told a co-worker in text messages, according to the indictment.
Three days later, on Aug. 28, 2017, Ying did searches using his Equifax computer on what happened to the Experian stock price after that credit reporting company experienced a breach in 2015. Later that morning, he exercised all his available stock options and received 6,815 shares of Equifax stock, which he sold for more than $950,000. That represented a gain of more than $480,000 and saved him a loss of about $117,000, prosecutors said.
Huber, the prosecutor, told U.S. District Judge Amy Totenberg in court Thursday that federal sentencing guidelines indicate a prison sentence between 15 and 21 months is appropriate. As part of a plea agreement, Huber said, the government has agreed to recommend a sentence at the lower end of that range. The judge is not bound by the plea agreement.
A former Equifax software product development manager who exercised his put options and made a profit of about $75,000 before the breach was disclosed was sentenced in October to serve eight months home confinement after pleading guilty in Atlanta to insider trading. He was also ordered to pay a $50,000 fine, serve 50 hours of community service and forfeit proceeds gained from insider trading. Put options allow the holder to make a profit if the stock price drops.
Equifax Chief Financial Officer John Gamble and three other executives sold shares worth a combined $1.8 million days after Equifax discovered suspicious activity on its network — and nearly a month before Ying sold his shares — but Equifax said an independent committee determined that these other executives did not know of the breach when their trades were made.