The Securities and Exchange Commission announced today that it has charged a former Equifax CIO, Jun Ying, with alleged insider trading. According to the complaint, Ying exercised all of his vested Equifax stock options and then sold those shares for proceeds close to 1 million dollars before the public disclosure of Equifax's data breach.
The complaint states that by selling the shares before the data breach was publicly announced, Ying was able to protect himself from over $117,000 in losses that would have occurred due to the plummeting stock price. These actions are considered securities fraud and illegal insider trading according to the SEC.
As part of this case, the SEC is seeking repayment of the money, plus interest, that Ying saved by selling the shares before the disclosure, a civil monetary penalty, and a judgement prohibiting Ying from being employed as an officer or director of a publicly traded company.
The full complaint can be read here.
After the Equifax breach and the Intel Meltdown & Spectre vulnerabilities, the SEC issued new guidance on stock trading by people who hold non-public knowledge of security incidents. The document, titled "Commission Statement and Guidance on Public Company Cybersecurity Disclosures", contains updated guidance stating that directors, officers, and other corporate insiders should not trade securities when they have knowledge of undisclosed security breaches or incidents.
Additionally, directors, officers, and other corporate insiders must not trade a public company’s securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company. Public companies should have policies and procedures in place to (1) guard against directors, officers, and other corporate insiders taking advantage of the period between the company’s discovery of a cybersecurity incident and public disclosure of the incident to trade on material nonpublic information about the incident, and (2) help ensure that the company makes timely disclosure of any related material nonpublic information. In addition, we believe that companies are well served by considering the ramifications of directors, officers, and other corporate insiders trading in advance of disclosures regarding cyber incidents that prove to be material. We recognize that many companies have adopted preventative measures to address the appearance of improper trading and we encourage companies to consider such preventative measures in the context of a cyber event.