After reporting a massive security breach in Equifax systems, during which cybercriminals managed to steal sensitive data of about 148 million U.S. customers, the company’s shares took a tumble on the stock market as their price fell from $142 to $93. However, there is proof that before this was happening, Jun Ying, a former Equifax executive and once “next in line to be the company’s global CIO," sold all the company’s shares for $1 million while knowing about the attack and before the announcement about it was made. It is estimated by doing so the accused avoided more than $117.000 in losses. Therefore, “U.S. Attorney’s Office for the Northern District of Georgia today announced parallel criminal charges against Ying.” Further, in the text, we will tell more about this latest news as well as talk about the security breach in Equifax systems and the consequences of it.
For starters, Equifax is a worldwide consumer credit reporting agency. It is said it collects and aggregates data of over 800 million consumers and over 88 million business organizations. The company’s systems were breached in late July 2017. Apparently, the cybercriminals were able to access sensitive customers’ data because of particular vulnerability in the software package Apache. The strange part is it seems the flaw was already known and had been fixed by Apache before the cyber-attack, but the Equifax did not hurry to apply the patch and remove the known vulnerability. The company’s security officials claim they “took efforts to identify and to patch any vulnerable systems in the company’s IT infrastructure,” but whatever they did was not enough. As a result, the hackers were able to access their customers' data and steal various sensitive information, such as social security numbers, driver’s license numbers, and so on. Such data was gathered from around 148 million U.S. customers, while details like names, birth dates, addresses, credit card numbers, and so on were taken from about 209.000 people. The reports also say some victims are from Canada and the United Kingdom too.
The worst part is that Equifax informed their customers about this critical security breach only in September 2017. Moreover, to help customers whose data might have been stolen the company decided to create a service accessible through a particular website where such people could check whether the cybercriminals took their data or not. However, to do so, the victims were asked to agree to a clause saying they will not join a class-action lawsuit against the company. Naturally, the customers were outraged and after it was made public Equifax decided to remove the mentioned clause and allow their customers check whether their information had been stolen freely. It seems to us this is the least they can do considering because of the company’s fault many customers’ sensitive information, such as social security numbers, could be compromised for life as it cannot be changed under any circumstances.
Furthermore, there were suspicions that some of the company’s executives might have known about the system’s breach while selling Equifax stocks before the public announcement was made. Nonetheless, after the investigation was made it appeared that John Gamble (Chief Financial Officer) who sold shares worth $946,374, Joseph Loughran (president of U.S. information solutions) who sold stock worth $584,099, and Rodolfo Ploder (president of workforce solutions) who sold $250,458 of stock on August 2017 sold only a small percentage of their shares and were unaware of the situation at the time. Nonetheless, one of the executives, Jun Ying is accused of engaging in insider trading as he sold a considerable amount of the company stocks for $1 million and by doing so, he most likely avoided more than $117.000 in losses. In the press release provided by the U.S. Securities and Exchange Commission (SEC), it is said the Jun Ying “allegedly used confidential information entrusted to him by the company to conclude that Equifax had suffered a serious breach.” Thus, Ying is accused of violating the antifraud provisions of the federal securities laws and as the mentioned press release states the SEC “seeks disgorgement of ill-gotten gains plus interest, penalties, and injunctive relief.”
All things considered, it is no wonder, Equifax reputation is now tarnished. The only hope remains other companies collecting sensitive customers data will learn from these events and never wait on removing vulnerabilities from the systems guarding private information. This incident also raised a discussion about the Social Security number’s usefulness and reliability. Some say this system is already outdated and in need of a replacement. Until a new method of personal identification is found, it is recommended to be extra cautious when submitting your Social Security number, although, given the described events, it becomes clear that trusting companies or institutions with such data becomes more and more difficult as while they claim your data will be safe, in reality, there are no reassurances.
References:
- Equifax hack: What we learned. FOXBusiness.
- Former Equifax Executive Charged With Insider Trading. U.S. Securities and Exchange Commission.
- Anders Melin. Three Equifax Managers Sold Stock Before Cyber Hack Revealed. Bloomberg.
- Equifax Board Releases Findings of Special Committee Regarding Stock Sale by Executives. Equifax Inc.
- Colin Daileda. Bad news for literally anyone with a credit card: there’s a good chance you just got hacked. Mashable.
- Equifax. Wikipedia.