Newsroom

March 15, 2018

Equifax CIO charged with insider trading; NAFCU reiterates need for data standard

A former chief information officer of Equifax this week was charged with insider trading in advance of the company's massive data breach announcement last September that exposed personal identifiable information of about 148 million U.S. customers. NAFCU continues to call on Congress to instate national data security standards – akin to those followed by credit unions – in an effort to curb future breaches.

The Securities and Exchange Commission (SEC) charged that Jun Ying, who was reported to be next in line to be Equifax's global CIO, used confidential information entrusted to him when he sold his Equifax stock shares and secured nearly $1 million in proceeds. According to the complaint filed by the SEC, because Ying sold before public disclosure of the data breach, he avoided more than $117,000 in losses.

The SEC reported that the U.S. Attorney's Office for the Northern District of Georgia announced similar criminal charges against Ying.

NAFCU has been active with lawmakers since the massive 2013 Target data breach stressing the need for a legislative solution to reform the nation's data security system.

Currently, NAFCU-sought draft legislation is being worked on by House Financial Services Subcommittee Chairman Blaine Luetkemeyer, R-Mo., and Rep. Carolyn Maloney, D-N.Y. The draft bill builds on provisions from the Data Security Act of 2015, which would have created a strong national data security standard for retailers, held them accountable for breaches on their end and recognized credit unions' compliance with the Gramm-Leach-Bliley Act.

NAFCU remains a leading advocate on this issue and is working to ensure that all entities that hold or collect consumers' personal financial information are held to similar standards as credit unions.