A former Equifax executive has been charged with insider trading for dumping his vested stock before the credit agency went public with a massive data breach.
Jun Ying, who was slated to become the company's next chief information officer, allegedly used confidential information that the company's systems had been hacked to sell his stock before the news was made public.
According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's 2015 own breach on its stock price.
Later that day, Ying excised all his available stock options.
The former executive made more than $1 million from the sale, according to a federal complaint, avoiding more than $117,000 in losses.
The Securities and Exchange Commission announced the charges Wednesday.
"Corporate insiders who learn inside information, including information about material cyber intrusions, cannot betray shareholders for their own financial benefit," said Richard Best, director of the SEC's Atlanta regional office, in remarks.
Ying was also charged with antifraud provisions.
In a brief statement, Equifax spokesperson said:
"Upon learning about Mr. Ying's August sale of Equifax shares, we launched a review of his trading activity, concluded he violated our company's trading policies, separated him from the company and reported our findings to government authorities. We are fully cooperating with the DOJ and the SEC, and will continue to do so."
"We take corporate governance and compliance very seriously, and will not tolerate violations of our policies," the spokesperson added.
Equifax revealed a data breach of more than 147 million Americans, including some British and Canadian consumers. It was the largest single breach last year.
But the company was widely criticized for botching its response in the aftermath. Not only did Equifax take four months to disclose the hack, but the breach was later attributed to a vulnerable server that the company had failed to patch earlier in the year. After the hack was eventually disclosed, Equifax struggled to inform its users -- many of which had no idea the company was hoarding data on them in the first place -- if they were vulnerable.
There was rampant speculation about three senior executives who sold stock in the weeks after the breach was discovered, but before it was publicly announced.
The executives, including Chief Financial Officer John Gamble, collectively made almost $1.8 million from the sale.
Equifax said at the time that the executives had "no knowledge that an intrusion had occurred," and it said the sales were part of pre-scheduled trading plans.
A special committee of the company's board found in November that the executives did not engage in insider trading.
Chief executive Richard Smith stepped down from the company in the wake of the hack.