On June 4, 2018, the Governor signed into law Public Act 18-90, An Act Concerning Security Freezes on Credit Reports, Identity Theft Prevention Services and Regulations of Credit Rating Agencies (the “Act”), likely in reaction to the Equifax breach among many others. The title of the Act leaves little to the imagination as to its subject matter.
The Equifax data breach saga continues, this time with civil and criminal charges for insider trading lodged against Jun Ying, Equifax’s former Chief Information Officer of its U.S. Information Solutions business unit. The criminal indictment pursued by federal prosecutors and the civil complaint filed by the Securities and Exchange Commission both allege that Ying exercised all of his vested stock options and sold them, for approximately $950,000, within mere days of learning of Equifax’s breach, and before the breach had become public. By doing so, he allegedly avoided more than $117,000 in losses. They allege that, within three days of learning of the breach, Ying had begun googling—well, using Bing— to search for information about how much Experian’s stock had fallen after its breach back in 2015, and then executed his Equifax trades an hour later. Although Equifax had taken measures to prevent employees who knew about the breach from trading in its stock, somehow those measures had failed to prevent the trades by Ying.