Equifax Manager Pleads Guilty to Insider Trading
Cyber security is a topic which is front and center, not just as a compliance issue but for being prepared to manage a hack and the multiple issues such an event creates. The huge hack at Equifax, Inc. is a prime example. There, in the summer of 2017, the personal information of about 145,000 customers was compromised, presenting the firm with significant issues. One of those issues was insider trading. U.S. v. Bonthu, No. 11-cr-00237 (N.D. Ga. Filed June 28, 2018).
Sudhakar Reddy Bonthu was a software development manager and a member of Equifax’s Global Consumer Services team. In the summer of 2017 the manager was given information regarding the massive breach by his employer, although he was not specifically told about the hack. Indeed, the firm took steps to cabin that information. On August 25, 2017, however, Mr. Bonthu was told that the target date for publically announcing what happened was September 6, 2017.
Through his position at the firm Mr. Bonthu learned other information about the breach. By the end of August 2017, for example, he understood that the personal information of numerous customers had been compromised. Specifically, he learned that the names and social security numbers for at least 100 million customers had been compromised. He also received a work related email about the breach with a file attached titled “EFXDatabreach.postman_collection.” EFX is the ticker symbol for Equifax stock.
On September 1, 2017 Mr. Bonthu purchased 86 put options in Equifax stock. The expiration date was September 15, 2017. His employer announced the data breach six days later on September 7, 2017. The share price of Equifax stock fell the next day. Mr. Bonthu was able to exercise his put options, realizing a profit of more than $75,000.
This week Mr. Bonthu pleaded guilty to insider trading charges. Sentencing is scheduled for October 18, 2018. See also SEC v. Bonthu, (N.D. Ga. Filed June 28, 2018).