Mar 14, 2018

Charged Equifax exec figured out firm was breached on his own

Sign with logo and a portion of the main building are visible at the headquarters of credit bureau Equifax in downtown Atlanta, Georgia. (Photo via Smith Collection/Gado/Getty Images)

The headquarters of credit bureau Equifax in downtown Atlanta, Georgia. Photo: Smith Collection/Gado via Getty Images

Equifax U.S. Chief Information Officer Jun Ying, whom the SEC alleges illegally traded shares in the company after a data breach, wasn't told by the company about the incident and instead pieced together that Equifax was breached on his own from scraps of information, according to the SEC's insider trading complaint.

Why it matters: Figuring it out on his own might be a key point in Ying's defense if the case went to trial, according to David Axelrod, a former supervisory trial counsel at the SEC. "A defense attorney could say he did not have material knowledge of the breach," said Axelrod, who is now an attorney for Ballard Spahr.

The details: After the breach, claims the complaint, Equifax alerted a small group of insiders in a clean up effort it called "Project Sierra." The I.T. employees brought in were told they were working on a large breach at an anonymous client. That group, "Project Sparta," included Ying.

  • “On the phone with [global CIO]. Sounds bad. We may be the one breached. . . . Starting to put 2 and 2 together,” Ying wrote in an email cited in the complaint.

The impact: Axelrod does not believe that a case with this much evidence against a defendant is likely to go to trial, and would be tough to sell to a jury or prosecutor. But the complaint does show Equifax had procedures in place to prevent some employees from trading on the information, suggesting that the company was "thinking clearly" about the trading issue.

Go deeper