Continuing consequences from the Equifax breach
Just when you might have thought the Equifax story had been long put to bed, the seventh greatest breach in history has more to offer.
While half of all breaches may be targeted at small businesses (according to CPO Magazine), the larger entities are the ones whose plots are likely to keep popping up from time to time. It was reported, back when Equifax was the big headline (and an even bigger disaster than my Knicks right now), that certain higher ups had suspiciously sold stock in the company just prior to the breach going public. Insider trading isn’t a subject that usually gets raised in cybersecurity news. For that matter, an executive going behind bars isn’t a consequence we usually hear about in these incidents, either. But that is exactly what former Equifax’s US CIO Jun Ying will be doing for the next four months, after being sentenced by the Department of Justice to a federal prison. In addition, he has incurred financial penalties of about $172,000 in total. Small change for someone who illegally sold his stock for nearly $1 million in the span of a few days, but not nothing.
Indeed, it’s the least consequence one can face for trying to take advantage of the 100 million plus whose data was put at risk. In truly low fashion, upon realizing the scope of the Equifax breach, and researching the share price ramifications of past incidents like Experian’s in 2015, Ying made his transaction. Several weeks later, Equifax would announce the breach to the world. He must have hoped that Equifax would stealth its way into the 90% of unreported US cybercrimes that year (based on Juniper Research figures).
US Attorney Byung Pak accurately summarizes this sleazy transgression, stating that Ying “abused the trust placed in him and the senior position he held to profit from inside information.” This level of official government consequence, and giving data privacy its due concern, stands in stark contrast to Georgia’s Supreme Court’s stance that rejects a duty to safeguard personal information. Small justices are thus welcome.
Global Markets Insights believes that over the next several years, cybersecurity will be at least a $300 billion industry; probably more. This vast sum is in direct proportion to the severity of the issue facing companies and consumers alike. Saying that the entities that handle the vast hordes of data don’t have a responsibility for it is not the answer.