Financial regulation

Former Equifax manager is charged with insider trading for selling shares before data breach was disclosed

Sudhakar Reddy Bonthu allegedly made more than US$75,000 after betting that his company’s shares would fall when the breach was revealed

PUBLISHED : Friday, 29 June, 2018, 1:29am
UPDATED : Friday, 29 June, 2018, 1:29am

US securities regulators announced insider trading charges on Thursday against a former Equifax manager who sold shares in the company before it disclosed a giant data breach.

Sudhakar Reddy Bonthu, a product development manager at Equifax, allegedly netted more than US$75,000 after placing orders on September 1, 2017 betting that Equifax shares would fall, according to a complaint by the US Securities and Exchange Commission (SEC).

Six days later, the company announced one of the biggest data breaches ever, sending shares sharply lower.

“As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit,” said Richard Best, director of the SEC’s Atlanta Regional Office.

“Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves.”

Credit-score company Equifax reveals hack that exposed up to 143 million customers

Bonthu, 44, a resident of Georgia, settled the SEC civil charges and agreed to return his ill-gotten gains plus interest, the agency said.

Bonthu has also been charged in a parallel US criminal case by the Department of Justice, the SEC said.

Equifax was hacked in March, but kept quiet for months, adding to an already troubling timeline

Equifax was hacked in March, but kept quiet for months, adding to an already troubling timeline

Bonthu is the second Equifax defendant in an insider trading case after authorities in March brought criminal and civil charges against former Equifax executive Jun Ying.

Key personal data, including names, Social Security numbers and dates of birth, were pilfered from more than 140 million Americans in the Equifax hack.

On Wednesday, the company agreed to new oversight requirements under a consent order with eight state regulators, including financial regulatory bodies in New York, Georgia and California.