Former Equifax CIO Charged With Insider Trading

OffTheLip writes: Jun Ying, a former CIO with Equifax has been charged with insider trading by the US Department of Justice. From the linked article:

Wednesday's announcement marks the first criminal charge brought in one of the largest data breaches in history. Ying, the former chief information officer for Equifax's U.S. information-solutions business, used confidential information entrusted to him by the company to determine it had been hacked, according to a separate complaint filed by the Securities and Exchange Commission.

ZDNet adds: According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's 2015 own breach on its stock price. Later that day, Ying excised all his available stock options.

Incompetence and negligence

[sinij]

Insider trading on his own incompetence and negligence is criminal, but incompetence and negligence itself is not punished in any way.

Re:Incompetence and negligence

[jellomizer]

Just normal Incompetence is punishable, then we would all be in jail. Every day we are to push to areas where we havn't been before, and when doing something new or out of your comfort zone mistakes are made.
A Company CEO takes a lot of risks, and is constantly out of their zone. So their job demands them to be incompetent. If competent, then the company will stagnate and fall behind.
Mistakes are always made, now you cross the line when you use these mistakes to short sell the company your job is to help grow.

Re:Incompetence and negligence

[Hognoxious]

Fucking rubbish, as usual.

A surgeon does his best to save a patient, to no avail.

A surgeon operates while drunk, on the wrong patient, while he's upside down.

Are they the same thing?

Re:Incompetence and negligence

Up next, Intel's CEO?

Re: Incompetence and negligence

I sincerely doubt someone at that level would end up being a fall guy like this dummy.

Re:Incompetence and negligence

[tlhIngan]

Fucking rubbish, as usual.

A surgeon does his best to save a patient, to no avail.

A surgeon operates while drunk, on the wrong patient, while he's upside down.

Are they the same thing?

No, one is a guy doing his job and having bad luck. The latter is someone being negligent. Not incompetent. Incompetent would be said surgeon encountering something he was never trained for and trying his best to fix it, to no avail.

Incompetence is not having the skills or training when you encounter something - i.e., youre not competent.

Negligence is attempting to do something disregarding rules for safety and security (like being drunk)

Re:Incompetence and negligence

[albeit+unknown]

Negligence can include incompetence, if one knows of their incompetence and proceeds anyway. It could also include "should have known" - thinks they can do it, but are not certified in a sub-specialty, or training lapsed.

It wouldn't apply in extenuating circumstances, such as if the surgeon is drunk and the patient will be dead in 5 minutes with no other surgeon closer than one hour away.

Re:Incompetence and negligence

[fatwilbur]

The breach itself, though bad, I think could happen to a lot of companies even if the CIO is correctly funding and prioritizing security. With huge operations, it is really hard to know exactly what your risk exposure is and you don't know what you don't know about what holes are there.

The trading though - think about the buyers. He sold shares to dupes knowing that they would be worth less in a short time based on privileged knowledge he had because of his position. That's way more than incompetence, he's a downright douchebag and I'm glad it's illegal.

Re:Incompetence and negligence

[AmazingRuss]

We couldn't build enough prisons to hold those guilty of that.

Re:Incompetence and negligence

[Hognoxious]

The premise was that when you do something new you're by definition incompetent. This is bollocks, because there's still an existing body of knowledge that can be applied rather than chucking shit in the air and seeing how it lands.

You see innovative new buildings and bridges all the time. The vast majority of them don't fall down.

Re:Incompetence and negligence

[xxxLCxxx]

Up next, Intel's CEO?

Hopefully! You can hardly make it any more obvious than Krzanich. On top of it he lied and was caught doing so, too.
What more could they possibly need against him?

Re:Incompetence and negligence

[necro81]

Insider trading on his own incompetence and negligence is criminal, but incompetence and negligence itself is not punished in any way.

Considering that, ten years out, none of the Wall Street folks that caused the financial crisis have been convicted, let alone indicted, I will consider this Equifax development as a tiny sliver of progress.

Re:Incompetence and negligence

[sinij]

Breach of this kind could only happen as a result of negligence. There were no separate access control mechanism for the data, there was no protection of data at rest, and there was a known vulnerability in the system that they failed to patch for 6+ months. It just doesn't get any more textbook negligence than that.

Gee really?

[smithmc]

I am Jack's complete lack of surprise.

Re:Gee really?

His name is Robert Paulson.

Re:Gee really?

[Samurai+Nigel]

I am Jack's Broken Heart.

Forfeiture of assets?

So all those stock options are going to be seized and used to compensate everyone who suffered as a result of the breach right?

Maybe?

I wish they would bring back public stoning.

Re:Forfeiture of assets?

[slew]

So all those stock options are going to be seized and used to compensate everyone who suffered as a result of the breach right?

Maybe?

Although it is traditional that all the money the SEC collects simply goes to the US treasury, it is also possible for the money to be used to re-imburse other investors (under the Fair Funds for Investors provision of the Sarbanes-Oxley Act).

Of course this provision has rarely been used and is of no benefit to those that suffered from the breach (it only applies to investors).

I wish they would bring back public stoning.

So what other parts of Sharia law are you in favor of?

Re:Forfeiture of assets?

[iamhassi]

Sharia law has public stoning? Didn't know that, I just think it sounds like a good punishment for when idiots really screw up. Sure beats rewarding them with free wifi, free food, free gym and a comfortable stay for a few months or years like our "justice" system does now.

Re:Forfeiture of assets?

[ranton]

So let's see, he made some money off of stock options and you want to put him to death in a very painful barbaric manner. Does that about cover it?

I'm not saying I agree with stoning him, but don't make it sound like what he did is a victimless crime. He sold assets he knew were overvalued because the public was not yet aware of the breaches. That is not a victimless crime. After the news went public, the people he misled during the sale lost about $340k (although it has since recovered to the point where they would be down $110k today).

I don't think someone should be killed for effectively stealing over $300k, but it isn't something to be dismissed either.

Re:Forfeiture of assets?

Sharia law has public stoning? Didn't know that, I just think it sounds like a good punishment for when idiots really screw up. Sure beats rewarding them with free wifi, free food, free gym and a comfortable stay for a few months or years like our "justice" system does now.

Under Sharia law, 100 lashes followed by stoning is the proscribed (Hudud) punishment in cases of adultery committed by a married man or married woman. The stone shall not be so big so as to kill the person by one or two strikes, neither shall it be so small that it cannot be called a stone. The victim is intended to suffer.

FWIW, apparently under Sharia law, the proscribed (Hudud) punishment for theft over a certain value is simply public amputation of the hand. Qisas (revenge/retaliation) is also a proscribed punishment under certain circumstances which is basically and eye-for-an-eye punishment...

Re: Forfeiture of assets?

[Cederic]

It only takes one stone to kill.

Most victims of barbaric middle eastern practices don't enjoy that luxury.

Spoiler: slap on the wrist

Bring back the guillotine if you want this nonsense to end. It's going to have to get straight up French Revolution before the parasites stop sucking.

Close one

Thank goodness we have Clinton in office to prosecute this criminal. If Trump had been president his business friendly DOJ would have looked the other way.

Re:Close one

Thank goodness we have Clinton in office

Indeed. Also, today Clinton's ambassador to the UN Nikki Haley warned the world that Russia must be punished for its chemical weapon attack in London, warning that New York may be next. If Trump had been president the US government would have ignored or tried to downplay these events like the extremist right wing Jeremy Corbin is doing.

Re:Close one

[Cederic]

There's been a chemical weapon attack in London?

I heard about the use of a nerve agent in Salisbury, wasn't aware of the one in London. Surprised it hasn't been mentioned on the news.

Re: Close one

[geekmux]

That wasn't insider trading. Hillary went to a crooked stock broker who simply stole money from one client and gave it to another; he wasn't prosecuted by then Attorney General of Arkansas Bill Clinton for some reason.

Uh, knowing ahead of time that her husband wouldn't prosecute is likely just another form of insider corruption...

Drag them all out into the street

[Rick+Schumann]

Bring back the guillotine. Chop all their heads off, plant them on poles as a warning to the rest of the 'financial community' to NOT FUCK UP.
Like everyone else I'm sitting here wondering if the coin landed 'heads' or 'tails' so far as my entire identity having been stolen or not.

Re:Drag them all out into the street

[bobstreo]

Bring back the guillotine. Chop all their heads off, plant them on poles as a warning to the rest of the 'financial community' to NOT FUCK UP.

Like everyone else I'm sitting here wondering if the coin landed 'heads' or 'tails' so far as my entire identity having been stolen or not.

There could be a whole area of wall street dedicated to this display,,,

Re:Drag them all out into the street

[Tailhook]

as a warning to the rest of the 'financial community' to NOT FUCK UP.

The "rest of the 'financial community'" understands that the "FUCK UP" here was a traceable use of the Internet and text messages.

Re:Drag them all out into the street

[Rick+Schumann]

IDGAF what the Mechanism of Fuck-up was, I just want it to never happen again, no matter how many heads have to be severed to get the message across of how vitally important it is to LITERALLY EVERYONE.

Re:Drag them all out into the street

[Tailhook]

You're going to need a GULAG system.

Enjoy becoming the next legendary atrocity shitlord of our species.

Re:Drag them all out into the street

[Rick+Schumann]

Oh for fuck's sake.. overly-literal much?
I'm PISSED OFF about this. Who in their right mind wouldn't be?
Go away. You're no fun at all.

Re:Drag them all out into the street

[Rick+Schumann]

There we go. We need a "WALL OF SHAME" for these types. Pictures, names, addresses and phone numbers. Never let them forget.

Re:Drag them all out into the street

[rtb61]

In this case, heads or tails, did someone at the company exercise their stock options in the months prior to the hack and short the stock too boot. How about deposits in an offshore bank account by a competitor. Hacking another tech company is proving to be a sure way to major profits, shorts, gained market share, good luck, with the board and the executive team the last to be trusted. It will get messier from here on in.

Re:Drag them all out into the street

[Cederic]

I'd rather be no fun than execute someone for being an idiot.

You'd rather have fun killing someone. Seek medical help.

Re:Drag them all out into the street

[necro81]

The "rest of the 'financial community'" understands that the "FUCK UP" here was a traceable use of the Internet and text messages.

Indeed. The rest of the financial community is probably shaking their heads at this guy's fuck up, which amounts to 1) getting caught and 2) selling his stock instead of just waiting for his golden parachute.

Re:Drag them all out into the street

[geekmux]

Bring back the guillotine. Chop all their heads off, plant them on poles as a warning to the rest of the 'financial community' to NOT FUCK UP.

Those in charge of the financial community would simply hire designated head-rolling scapegoats as a response, and continue with their fuckery.

Arrogance

[amiga3D]

Total arrogance is a kind of stupidity. This ass assumed he could get away with this crap because he's "special." The problem is, the stock market is one of the few places where elites get burned just like anyone else. If you blatantly screw the system the system will screw you no matter who you are. Martha Stewart found this out. She got caught up in insider trading and although the Feds case against her was weak they managed to put her in jail for lying to investigators. If you fuck with the sacred cow of Wall Street they will fuck you back.

Former CIO?

[140Mandak262Jamuna]

So this is the person replaced by the Music Major, right?

And this guy is so inept he left behind an audit trail while planning to do some insider trading.

How did anyone this incompetent rise to that level on such a critical position in the company? Just yesterday I interviewed a PhD candidate has published six papers as first author, fantastic work that must have taken couple of years of relentless of toiling. Whether I hire him or neither he nor a legion of candidates like this are struggling to get 100K jobs. And this doofus gets to be the CIO with stock options and million dollar pay benefit packages...

Re:Former CIO?

It is easy to be a CIO.

First, work in tech for a few years.
Second, find a company that has never outsourced. Middle market banks make good targets. Middle Market health care too.
Third, layoff and outsource.
Fourth, put in linked in how you saved millions.
Fifth, get CIO job at fortune 500 just before #3 backfires and your downtime hits twitter.

Re:Former CIO?

[Actually,+I+do+RTFA]

And this guy is so inept he left behind an audit trail while planning to do some insider trading.

Hey, leaving an audit trail is part of his job!

Re:Former CIO?

[blind+biker]

How did anyone this incompetent rise to that level on such a critical position in the company?

The most important attribute to get to such CxO positions is to be manipulative and able to lie without the slightest pang of conscience. Competence is totally irrelevant.

Re:Former CIO?

[Cederic]

No, the music major was the CISO, not the CIO. Different roles, and frequently (but I don't know at Equifax) the CISO will report in to the CIO.

What happened to ...

[whoever57]

What happened to all the BS about the execs' trading activity being normal pre-planned sales? Obviously that was a lie.

Re:What happened to ...

[Luthair]

Well there were 4 other C-level executives who also traded who have not been charged. Even if they don't have a smoking gun its impossible to believe they weren't aware there were problems.

Re:What happened to ...

[freeze128]

Maybe the DOJ will plea bargain down the charges if this guy indicates that the other execs knew about the breach before they sold their stocks.

And his punishment will be ...

[fahrbot-bot]

... having is credit history maintained by Equifax.

Others got by just fine...

[edi_guy]

From Bloomberg article: "Three Equifax Inc. senior executives -- Chief Financial Officer John Gamble, and unit presidents Joseph Loughran and Rodolfo Ploder -- sold shares worth almost $1.8 million in the days after the company discovered the breach. Equifax has said those three executives had not been informed of the incident when they initiated the sales."

Sounds like his bosses found themselves a patsy.

Excised?

[Michael+Woodhams]

"Later that day, Ying excised all his available stock options."
Excise: to remove by cutting
Exercise: an action or actions intended to improve something or make something happen
(both from https://dictionary.cambridge.o...

As I understand it, to exercise a stock option would be to pay the option's strike price and take possession of the shares. This would not in itself be of benefit if you expected the share price to fall, but it would be a necessary step prior to selling the shares. To excise stock options means nothing to me, but it might be some jargon I am unaware of.

Here is more context from the ZDNet story:

Jun Ying, who was slated to become the company's next chief information officer, allegedly used confidential information that the company's systems had been hacked to sell his stock before the news was made public.

According to a Justice Department statement, Ying sent a text message to a colleague two weeks before Equifax revealed the hack, in which he said the breach "sounds bad." Three days later, Ying searched the web to research the effect of Experian's 2015 own breach on its stock price.

Later that day, Ying excised all his available stock options.

The former executive made more than $1 million from the sale, according to a federal complaint, avoiding more than $117,000 in losses.

The word "own" in "the effect of Experian's 2015 own breach on its stock price" lends weight to the hypothesis that ZDNet has lousy editing and meant "exercise".

He probably cost the ruling class

[rsilvergun]

some actual money. That seems to be the only thing that gets anyone in trouble. That or embarrassing them in front of the rubes in the working class (ala Martin Shkreli, whose conviction everybody on the left is doing a victory lap over meanwhile the drug price is still 5000% what it was).

Anyway, talk to me when a) he does jail time and b) we see meaningful regulations to prevent this sort of thing from happening again.