In September 2017, Equifax went public about a massive data breach that saw hackers steal information about 143 million US consumers – including names, addresses, social security numbers, and dates of birth. Later, the company confirmed that a further 15.2 million Brits also had their personal data breached.
Equifax became the butt of many jokes, as well as the target of some anger, when it was revealed that the company had waited 40 days before announcing it had been hacked, and that its IT team had known about the vulnerability exploited by the hackers as far back as March 2017, but for some reason failed to patch at-risk systems.
So, just what was Equifax doing during those 40 days between discovering it had been hacked and sharing the bad news with the world?
Well, now we know. Or at least what Jun Ying, the CIO of Equifax US Information Solutions, was doing.
Ying, who was next in line to be Equifax’s global CIO, realised that Equifax had suffered a security breach and used that confidential information – before the company’s public disclosure – to exercise all of his vested Equifax stock options, selling the shares for nearly US $1 million.
He would have sold them for a lot less if he had waited until details of the data breach had been shared with the rest of the world, says the Department of Justice:
“On Friday, August 25, 2017, Ying texted ..
Support the originator by clicking the read the rest link below.
