Securities and Exchange Commission

Yesterday, the Securities and Exchange Commission (SEC) announced an important administrative settlement with Altaba (Yahoo) related to the company’s failure to disclose a major security breach to its users and investors. Under the terms of the settlement, the company agreed to pay a $35 million civil money penalty to settle charges that it misled investors by failing to disclose one of the world’s largest data breaches in which hackers stole personal data relating to hundreds of millions of user accounts. Continue Reading Yahoo Settles Claims by SEC regarding 2014 Data Breach

The Equifax data breach saga continues, this time with civil and criminal charges for insider trading lodged against Jun Ying, Equifax’s former Chief Information Officer of its U.S. Information Solutions business unit. The criminal indictment pursued by federal prosecutors and the civil complaint filed by the Securities and Exchange Commission both allege that Ying exercised all of his vested stock options and sold them, for approximately $950,000, within mere days of learning of Equifax’s breach, and before the breach had become public. By doing so, he allegedly avoided more than $117,000 in losses.  They allege that, within three days of learning of the breach, Ying had begun googling—well, using Bing— to search for information about how much Experian’s stock had fallen after its breach back in 2015, and then executed his Equifax trades an hour later. Although Equifax had taken measures to prevent employees who knew about the breach from trading in its stock, somehow those measures had failed to prevent the trades by Ying.