In 2017, Equifax, Inc., a credit-reporting firm, suffered a cyber-attack that resulted in a data breach that affected millions of customers. After the company disclosed that the identities of roughly 148 million individuals were compromised, the company continuously struggles to regain the trust of customers. In early 2018, after completing a forensic examination of the breach, Equifax disclosed that an additional 2.4 million people were impacted by the 2017 cyber-attack. The company explained that these additional individuals were not identified in the first investigation because the search only focused on individuals who had their Social Security numbers compromised. The additional names were revealed after cross referencing partial drivers’ license numbers that were stolen with internal and external sources. The newly impacted individuals will receive the same credit-monitoring and identity theft protection services paid for by Equifax, as those initially identified.
To make matters even worse, the Securities and Exchange Commission (SEC) charged an executive of Equifax with insider trading in March 2018. Jun Ying, an executive who was next in line to be named the company’s Chief Information Officer, exercised his stock options when he learned of the breach and sold the shares after learning of the breach. The SEC alleges that Ying sold his stock options before the company disclosed the data breach to the public, avoiding over $117,000 in losses. After learning of Ying’s violation of the antifraud provisions of the federal securities laws, Equifax dismissed him. Both the SEC and the United States Attorney’s Office of the Northern District of Georgia are pressing criminal charges against Ying.