A former Equifax executive faces insider trading charges for dumping nearly $1 million of company stock just days before the credit reporting company announced a massive data breach last summer.
The U.S. attorney in Atlanta said Jun Ying, 42, was indicted Tuesday by a federal grand jury on criminal charges. The Securities and Exchange Commission filed civil insider trading charges on Wednesday.
Ying, who was to become the company's next chief information officer, used confidential information to exercise his vested Equifax stock options and then sell the shares before the company publicly reported a breach that affected more than 145 million people, investigators said.
Because of the trades, Ying was able to avoid $117,000 in losses, the SEC said Wednesday. He sold the equivalent of $950,000 in stock.
He was the chief information officer of one of Equifax's business units and a leading candidate to take on the top CIO role at the company. The SEC said he was offered the global CIO job on Sept. 15, one week after the company disclosed the data breach and the day the sitting CIO resigned.
In a statement on Wednesday, Paulino do Rego Barros, Equifax's interim chief executive officer, said the company referred the matter to the government after an internal investigation and was cooperating with the U.S. Attorney and SEC. "We take corporate governance and compliance very seriously, and will not tolerate violations of our policies."
Lawyers for Ying told CNBC they aren't giving media interviews, citing the pending case.
Ying is not one of the Equifax executives who attracted attention for disclosing they had sold $1.8 million of stock just days after the company discovered security issues and weeks before it announced the intrustion.
In November, a special committee of Equifax's board found that the sales, by four executives, were not improper and that none of them knew about the security breach at the time of the sales. The executives were CFO John Gamble; Joseph Loughran and Rodolfo Ploder, who run two of its business units; and Douglas Brandberg, a senior staffer in investor relations.
Equifax has acknowledged it discovered suspicious activity in its system in late July. It didn't disclose the data breach publicly until Sept. 7.
In the interim, it hired an outside law firm to investigate the activity alongside its internal security department. "Project Sierra," as the investigation was known internally, subjected employees to a trading blackout period regarding the company's stock. A separate team, known as "Project Sparta" was set up to develop a customer website and staff up a call center. The Sparta employees were told they were working on a project for a client, the SEC said its lawsuit on Wednesday.
Ying wasn't a part of either Sierra or Sparta projects but found out about the Equifax breach through a series of internal communications in late August, in which he inferred that it was Equifax itself and not a client that was the subject of the breach, the SEC said.
In the next few days after those communications, Ying researched the stock moves of a competitor company after it announced a data breach. He exercised his Equifax options and sold the shares on Aug. 28, within an hour of researching the stock move in Experian after its September 2015 data breach, the SEC said.
Two days later, an executive told him it was Equifax that was the subject of the breach and advised him not to trade company stock. Equifax shares dropped 14 percent the day after the breach was made public.
Ying was offered the CIO job but that offer was rescinded after his trading activity came to light. In October, the company concluded he had violated its insider trading policy, and he agreed to resign.
Ying will be arraigned on the federal criminal charges later this week, according to Byung J. Pak, the U.S. Attorney in Atlanta.