Former Equifax Exec Charged with Insider Trading: Underscores Need for Trading Halt Plans

Patterson Belknap Webb & Tyler LLP

The Equifax hack has taken another twist – one that raises questions that every public company should consider.

Last week, federal prosecutors charged Equifax’s former Chief Information Officer, Jun Ying, with insider trading for allegedly dumping nearly $1 million in stock before the massive Equifax breach went public. He also faces civil charges filed by the U.S. Security and Exchange Commission (SEC).

The charges should serve as a cautionary tale for all public companies, underscoring the need for “prophylactic measures” to prevent insider trading before public disclosure of a data breach.

These are the first actions filed against a current or former employee related to the Equifax hack, in which the personal information of nearly 148 million U.S. consumers was compromised including Social Security numbers, dates of birth and addresses. We have extensively covered the continuing fallout of the Equifax breach, including most recently here.

In updated cybersecurity disclosure guidance issued by the SEC last month, the Commission highlighted the risk posed by insiders who trade securities between the time a breach is discovered and its public disclosure. As we noted in our recent client alert, the Commission “encourages” public companies to implement policies and procedures – including internal controls – to prevent trading on material non-public information relating to cybersecurity risks and incidents.

The guidance should spur companies to revisit their incident response plans, and if appropriate, consider imposing a temporary trading halt for insiders in defined circumstances. Companies would be “well-served,” suggests the SEC, by implementing a trading halt plan while investigating and assessing data breaches. The guidance recommends that companies adopt trading restrictions to avoid even the “appearance of improper trading during the period following an incident and prior to the dissemination of disclosure.” Such measures, according to the guidance, should be part of comprehensive efforts to ensure that codes of ethics and internal policies properly anticipate the heightened risk of insider trading during a breach incident.

The guidance also reinforces the SEC’s renewed prioritization of cybersecurity disclosure as part of its broader mandate to regulate the threats cybersecurity incidents pose to the financial system. The SEC, for instance, also warns against disclosing cybersecurity incident information selectively and reminds companies to disclose incident information on Form 8-K to manage the risk of selective disclosure. This updated guidance thus solidifies the SEC’s position that failing to maintain adequate cybersecurity controls poses a “grave threats to investors, our capital markets, and our country.”

The government’s charges against Ying allege that he sent a text message to a colleague, saying that the hack “sounds bad.” Ying then allegedly searched the web to research how Experian’s 2015 breach impacted its stock price. Ying – it is alleged – exercised all of his available employee stock options and then sold his shares, netting nearly a million dollars in proceeds before the breach was disclosed in September 2017. The trade avoided more than $100,000 is losses, it is alleged.

These charges are not connected to concerns that surfaced shortly after the breach was disclosed that some top Equifax executives had sold shares soon after Equifax first discovered suspicious activity in its systems in late July 2017. Those executives were cleared by an internal investigation conducted by the company. 

We will continue to monitor developments in this area.


DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Patterson Belknap Webb & Tyler LLP | Attorney Advertising

Written by:

Patterson Belknap Webb & Tyler LLP

Patterson Belknap Webb & Tyler LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.