More People Charged After 2017 Equifax Hack

The massive data security breach of credit checking specialist Equifax back in 2017, continues to have legal implication five years later.

The US financial regulator, the Securities and Exchange Commission, announced on Tuesday that it has charged three individuals for illegally tipping and trading in the securities of Equifax, before the company announced it had experienced a massive data breach on 7 September 2017.

This is not the first time someone has been charged with insider trading over the breach.

In July 2019 Jun Ying, the former Chief Information Officer CIO of Equifax, was sent to federal prison for four months for insider trading over the matter.

Insider trading

Ying was also ordered to pay restitution in the amount of $117,117, and fined $55,000.

It should be noted that Ying was the second Equifax employee found guilty of insider trading relating to the data breach, following Sudhakar Reddy Bonthu, a former software engineering manager at Equifax, who pleaded guilty on 23 July 2018.

Now the SEC in its complaint, filed in the Northern District of Georgia, alleged that Equifax engaged a Chicago-based public relations (PR) firm in August 2017 to assist with handling the inquiries expected to be generated by the announcement of the intrusion and breach.

Ann M. Dishinger worked as a finance manager at the PR firm, learned about the Equifax breach through her position and tipped her significant other, Lawrence M. Palmer, with the nonpublic news.

Palmer then allegedly contacted a former business client and arranged for the client to purchase out-of-the-money Equifax put options in the client’s brokerage account with the understanding that the client and Palmer would split any trading profits obtained.

The SEC also alleges that Palmer tipped his brother and business partner, Jerrold I. Palmer, with the nonpublic news about Equifax disclosed to him by Dishinger. Jerrold Palmer then allegedly contacted a friend whom he had known since high school and arranged for the friend to purchase the same series of out-of-the-money Equifax put options in the friend’s brokerage account with the understanding that they too would split any trading profits obtained.

The SEC claims that the illegal trading by L. Palmer’s former client and J. Palmer’s friend netted approximately $35,000 and $73,000 in profits, respectively.

The SEC has charged both the brothers, along with Dishinger, with violating its anti-fraud rules.

Equifax breach

The Equifax breach back in September 2017 was a hugely damaging affair for the US credit checking agency.

The breach resulted in the theft of data belonging to 143 million US consumers (and 15.2 million British citizens).

Stolen data included names, addresses, social security numbers, and dates of birth.

What made the Equifax breach so damaging, was that the firm had actually discovered the breach back in July 2017 but waited 40 days before telling the world.

Even worse, Equifax’s IT team had known about the vulnerability exploited by the hackers as far back as March 2017, after a security researcher had warned the firm about its vulnerability to a cyberattack months before it actually suffered the breach.

This meant that there were personnel within Equifax’s senior management that knew of the breach long before the firm publicly declared the security incident.

The fallout from the Equifax breach triggered multiple investigations across the world.

The credit monitoring firm was hauled up before the US Congress, where former CEO (he had resigned over the matter) Richard Smith faced a serious grilling from US Senators.