
Former Equifax employee indicted for insider trading - QUFB
https://www.justice.gov/usao-ndga/pr/former-equifax-employee-indicted-insider-trading
======
_nickwhite
While I'm quick to render my own verdict, especially in the tech realm where I
live, work, and play, I was glad the article included this:

"Members of the public are reminded that the indictment only contains charges.
The defendant is presumed innocent of the charges and it will be the
government’s burden to prove the defendant’s guilt beyond a reasonable doubt
at trial."

Trial by Internet and Guilty-by-default isn't a good world to live in.

~~~
jonknee
Either the CEO is incompetent and didn't know about a huge failure of his
organization or he's a criminal, either way the verdict of public opinion is
not going to be kind.

~~~
Jesus_Jones
It's very unlikely that he didn't know about the security problems, that
hadn't be released. I'd say about 99.9% chance that he knew. We know that it's
very tempting for otherwise intelligent people to fall victim to this, like
our favorite domestic lifestyle wallstreet-er CEO, Martha Stewart.

~~~
mulmen
Can you share the dataset you used to calculate the 99.9% probability? Do you
have experience with other CEOs in this kind of situation? Do you have inside
knowledge of Equifax? I'm not sure how anyone can be so certain in the absence
of evidence. Indeed this is the reason we put the burden of proof on the
accuser and assume innocence.

~~~
jonknee
Did you not read the press release? They have texts showing he was aware and
knew it was bad.

> On Friday, August 25, 2017, Ying texted a co-worker that the breach they
> were working on “Sounds bad. We may be the one breached.” The following
> Monday, Ying conducted web searches on the impact of Experian’s 2015 data
> breach on its stock price. Later that morning, Ying exercised all of his
> available stock options held at UBS Financial Services, resulting in him
> receiving 6,815 shares of Equifax stock, which he then sold.

~~~
nathan_long
That does look bad. However, it describes the CIO. You're responding to a
conversation about the CEO.

And again, innocent until proven guilty is a good principle, and we need to
let the justice system do its work.

~~~
jonknee
Typo on my part, the discussion is about the CIO.

------
zaroth
_On Friday, August 25, 2017, Ying texted a co-worker that the breach they were
working on “Sounds bad. We may be the one breached.” The following Monday,
Ying conducted web searches on the impact of Experian’s 2015 data breach on
its stock price. Later that morning, Ying exercised all of his available stock
options..._

Always nice when criminals express their intent to perform an illegal act on
3rd party services ahead of time.

I do always wonder where is the record of searches being held? A corporate
MITM saving all queries? Or are criminals logging into their Google accounts
before running queries on how to commit their crime?

~~~
ocdtrekkie
I would be kind of shocked if Equifax wasn't MITM'ing their internal web
traffic. Doing so is somewhat par for the course if you want to be able to
monitor and filter employee Internet activity, which most traditional
corporations with significant security expectations do.

That being said, browser history and Google Account history are both
reasonable places to look as well.

I am always a little amazed at the paper trail white collar criminals that get
caught leave. If you think you might insider trade on some information, maybe
you should talk to coworkers instead of texting them, and do your research on
a personal PC[1] in private browsing on a coffee shop Wi-Fi network somewhere.

(None of this should constitute endorsing the crime, it's just like... from a
privacy-minded standpoint... there's so much they could've done "better".)

[1]Honestly, if it's a six figure crime, why not a "burner PC". Buy a
Chromebook with cash, and leave it at Goodwill when you're done. The last bit
may even help soothe the guilty conscience a bit.

~~~
prewett
I'm guessing the paper trail is because it is not always obvious that it IS a
crime. Nobody tells you on your first day at work what constitutes insider
trading. At my first company, you got an email saying "you are now an
'insider' for SEC purposes" if you got important enough (so I heard, anyway).
Is it insider trading if you sell your stock because the new manager over the
division is terrible? Is it insider trading if you're working on a product
that you think is awesome, so you buy some stock? I'm guessing both of those
are not insider trading, despite that you are acting on information not
available to the public. From there it doesn't seem like too great of a leap
to not consider that news of the hacking you are working on is also not
insider trading.

If you asked me, "is it insider trading to sell stock because you know the
company has been seriously hacked and the price will drop once news gets out?"
I'd probably say "yes." But if I were in the situation myself, I'm not sure if
that question would occur to me.

~~~
Pokepokalypse
Insider trading is normal, routine, and rampant, across corporate America.
When people get caught, it's usually because another insider snitched; and
it's a standard part of dirty corporate politics.

At a company I used to work for, our CIO was found out to have lied about his
educational background on his resume; after working there 15 years. Another
board member had been sitting on this dirt for at least 5 years. He had hired
a PI to dig up things about the executive staff. It was his opening move on
pushing out the old execs, and replacing them with a more acquisition-friendly
line up. Then said board member cashed out.

We would frequently also see large blocks of stock traded the day before a big
earnings announcement. Only the executive staff would have had that
information. Us line employees all had stock options, but were never able to
take optimal advantage of price swings, because someone else was beating us to
it. We only had the public information. It is routine and the SEC does not
give a fuck, unless the case becomes high profile enough that the press will
write about it and make a stink.

------
bob_theslob646
This is the turn of a new era.

Someone who actually commits a securities crime goes to jail!

I hope this sends a message to Wall Street and CEO's that they are jail-able.

Cannot wait to see what happens when the SEC starts to look at people pumping
and dumping cryptocurrencies if the decide to regulate it besides ICO's.
([https://www.sec.gov/fast-
answers/answerspumpdumphtm.html](https://www.sec.gov/fast-
answers/answerspumpdumphtm.html))

~~~
Xixi
I work in a Hedge Fund: my first reaction reading this article was to wonder
how someone can be so stupid to even try something like that. Then I read your
comment and realize that in fact, the rest of the world (people not in
Finance) actually think that you can get away with this. He probably thought
that everybody is doing it, so why not? Well, turns out that no, you can't do
that, and yes, you can and will get prosecuted for it.

So no message sent to Wall Street, we got that memo a long long time ago.
Geeks thinking they know everything and disregarding all regulations, however,
should take a long, hard look at it. Finance and anything touching it (like
securities, which most crypto-currencies are) is very very very heavily
regulated.

~~~
tw04
I mean, at this point three of the four DID get away with it. Not to mention
we haven't heard a peep about the Intel CEO also selling stock prior to the
meltdown/spectre public announcements. So...

[https://www.cnbc.com/2017/11/03/equifax-special-committee-
sa...](https://www.cnbc.com/2017/11/03/equifax-special-committee-says-
executive-stock-sales-were-in-the-clear.html)

~~~
Xixi
I'm going to take the cynical approach: assuming that all politicians are
corrupt anyway, a newly elected senator might accept a huge amount of cash in
an envelope in exchange of legislation/contracts/whatever. That will make any
other senator laugh: you have to be way way way more sophisticated about it.
Be paid to do a talk at some random conference (after your term), get a nice
cozy seat at the board of said company you helped (after your term), etc.

If the article is correct, what this guy did is just plain stupid. But I'm not
claiming you can't get away with doing something similar with good enough
legal advice. This I do not know (IANAL).

~~~
pixl97
>: assuming that all politicians are corrupt anyway,

Why would the politician need money. After the change insider trading where
congress cannot be investigated, all you need to do it tip them off before
major news and they can make their own 'cash envelope'.

------
24gttghh
Okay, now what about the actual breach? No one gets in trouble for that and
nothing changes. If I missed something that did change, or where someone
actually did get in trouble, please enlighten me.

A suggestion to companies: stop using SSN's as usernames/passwords! Get rid of
the static numbers and give out encryption certificates or something!

~~~
notyourwork
Encryption certificates for grandma and grandpa? We need a solution that works
for everyone and until technology supports the mass it won't work.

I agree we need a new solution but we need one that works for everyone.

~~~
24gttghh
It doesn't have to be a literal alphanumeric cert in a text file. There could
be smart cards distributed, or an app people install on their phones for
identity verification. Or even just T/OTP from a phone app to allow credit
requests.

Whatever happened to one-time Credit Card numbers for use on a per-transaction
basis?

~~~
saagarjha
> an app people install on their phones for identity verification

I believe the consensus in the US that we _don 't_ want a form of national ID.
Hence the use of Social Security numbers as a proxy for identification.

~~~
fjsolwmv
So your SSN is your national id card

~~~
24gttghh
It is if you want to open a bank account or confirm identity to the IRS or any
other of the myriad services that seem dependent on it.

------
randomdrake
I didn't remember the CIO being implicated in dumping stocks. Sure enough, a
bit of Googling reveals that he wasn't among the original three that were so
widely reported.

Will be interesting to see if anything comes from the other executives who
dumped their stock:

* John Gamble, Jr. - Chief Financial Officer

* Rodolpho Ploder - Workforce Solutions President

* Joseph Loughran - Chief Marketing Officer

The series of events mentioned in the article say that he texted someone about
it before it happened, and that he was searching Google for stock price
information.

Maybe the other three didn't leave a clear enough trail or they just haven't
been charged, yet? I would hate to think that just dumping all of the charges
on the "tech guy" for everything would be what happens here.

~~~
gascan
_I would hate to think that just dumping all of the charges on the "tech guy"
for everything would be what happens here._

Remember when the entire worldwide VW cheating & coverup scandal was
uncovered, and it was blamed on a single engineer? Thank god there was a
preponderance of evidence that was bullshit- but it illustrated that exact
knee-jerk reaction nicely.

One can only imagine it works most of the time, otherwise they wouldn't try to
pull it every time.

------
nathantotten
The real test will be if the CEO of Intel faces this same punishment[1]. Seems
like this mostly gets enforced at lower rungs.

[1] [https://arstechnica.com/information-
technology/2018/01/intel...](https://arstechnica.com/information-
technology/2018/01/intel-ceos-sale-of-stock-just-before-security-bug-reveal-
raises-questions/)

------
Overtonwindow
What's unfortunate is that the government has largely been silent on the
culpability of Equifax executives, and the company as a whole.

~~~
dangoor
"Equifax may actually make money off this breach":
[https://www.marketplace.org/2018/02/28/tech/sen-elizabeth-
wa...](https://www.marketplace.org/2018/02/28/tech/sen-elizabeth-warren-
equifax-may-actually-make-money-breach)

------
swarnie_
>Chief Information Office

I;m assuming these trades needed to be registered in advance with the SEC and
he failed to do so?

Poor criminality from a C level employee

Ironically Equifax is only down around $15 a share from its close on the day
he sold. That's just over a $100k personal loss in unrealized gains, not a
huge amount for someone in his position.

Instead, if found guilty his career is over prematurely.

------
korethr
Not one of the original 3 execs reported, but that doesn't necessarily mean
that they're getting away with it. The SEC may well still be investigating the
original 3. In my observation, law enforcement tends to keep quiet about
ongoing investigations until they're ready to press charges.

We shall have to see if the original 3 execs get charged as well, or if
there's a reason why their sales weren't insider trading per the law.

------
bogomipz
Interesting I wonder why there hasn't been any action taken against the the
three senior executive that were previously reported to have done similar:

[https://www.bloomberg.com/news/articles/2017-09-07/three-
equ...](https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-
executives-sold-stock-before-revealing-cyber-hack)

~~~
fjsolwmv
The biz guys are smart enough not to write down evidence of their crimes.

------
kerng
It would be interesting, after this is off the table to see if there will be
any other implications for Equifax, because I'm worried personal data of
millions of Americanns floating around in public and noone is held
accountable. Has anyone an update on the latest status - is that case rested
and we all just live with it?

