Sudhakar Reddy Bonthu, a former software product development manager at Equifax, was sentenced to serve eight months home imprisonment over insider trading charges related to Equifax’s data breach last year.
According to the U.S. Justice Department, Sudhakar was penalized by the U.S. District Court Judge Amy Totenberg in Atlanta federal court for selling Equifax stock options in the wake of the company’s data breach announcement. He was fined for $50,000 and also ordered to pay $75,979 in restitution.
“Bonthu intentionally took advantage of information entrusted to him in order to make a quick profit,” said U.S. Attorney Byung J. “BJay” Pak. “The integrity of the stock markets and the confidence of investors are impaired by those who use non-public information for personal gain.”
According to the prosecutors, Sudhakar knew the breach announcement date was September 6, 2017. And on September 1, 2017, he used his wife’s brokerage account to buy 86 “put” options. He went on to make a profit of $75,000 after the share value plunged following the disclosure of the data breach on September 7, 2017.
“If we don’t hold company insiders to the same rules that govern regular investors, the public’s confidence in the stock market erodes,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “The FBI will do everything in its power to hold accountable those who choose to take advantage of their inside knowledge.”
On September 7, 2017, Equifax, the Atlanta-based consumer credit reporting agency, disclosed that its databases had been breached between May and June 2017, that hackers had gained access to Company data that potentially compromised sensitive information for 143 million American consumers, including Social Security numbers, credit card numbers and driver’s license numbers. Equifax discovered the breach on July 29, 2017, but had waited until after the close of trading nearly six weeks later to disclose the breach to consumers and Equifax’s investors, after hackers exfiltrated data for 76 days.
The Atlanta-based consumer credit reporting agency was charged with a fine of £500,000 ($660,000) by the Information Commissioner Office (ICO) for failing to protect the personal and financial data of customers. The Information Commissioner’s Office, which carried out the investigation, stated that Equifax had been warned about vulnerabilities in its systems by the US Department of Homeland Security in March 2017. However, Equifax failed to take proper steps to fix the vulnerabilities.