November 19, 2018

November 16, 2018

Subscribe to Latest Legal News and Analysis

You Might Be an Inside Trader If…You Trade on Your Unconfirmed Suspicions of a Cybersecurity Event Prior to Its Public Revelation or Disclosure

Earlier this year, the SEC released cybersecurity guidance addressing, among other things, the risk of insider trading in the event of a data breach. This risk comes in multiple forms, including the intruders trading on stolen information and insiders trading on the knowledge of the breach itself. The SEC demonstrated its willingness to address the latter situation in the recent insider trading case against Jun Ying, the former chief information officer of Equifax’s United States Information Systems business unit.

This past March, the DOJ indicted Ying with securities fraud and insider trading, while the SEC brought parallel civil charges. Upon discovering that it had suffered a major cybersecurity breach, Equifax immediately formed various response teams to address the breach. Only one of the teams was informed that Equifax was the victim of the breach. The other teams were told they were working on a “business” or “breach” opportunity for an unnamed client. Initially, Equifax instituted a trading blackout, but only for its employees who were told of the breach. Both the criminal indictment and the SEC complaint allege that Ying, who was not on the team that was informed of the breach, nonetheless concluded that the “unnamed client” was actually Equifax. The complaint and indictment both cite a text Ying sent to another employee stating that the breach “sounds bad” and “We may be the one breached . . . I’m starting to put 2 and 2 together.” Ying subsequently exercised all of his vested Equifax options and immediately sold those shares for approximately $950,000, thereby avoiding more than $117,000 in losses. The day after exercising his Equifax options, Ying was notified of the breach by Equifax’s counsel, and instructed not to trade on that information. An internal investigation conducted several months later revealed Ying’s trading and he was asked to resign.

Ying’s case stands out for two reasons. First, the CIO is facing civil and criminal liability not for trading on information he obtained, but for independently concluding his employer was the victim of a breach. Here, the SEC and DOJ are applying a broad interpretation of the insider trading knowledge requirement. Under Rule 10b5-1, a trade is “made ‘on the basis of’ material non-public information . . . if the person making the purchase or sale was aware of the material nonpublic information when the person made the purchase or sale.” As the CIO argued in his June 11, 2018 motion to dismiss, the indictment “describes little more than an employee who exercised options after being lied to by Equifax about the ‘material nonpublic information’ at issue.”

Second, the case illustrates the need for public companies to closely consider their procedures for responding to a breach, including their processes for issuing trading blackouts during investigation of the breach, and how and when to communicate with employees who are not part of the core incident response team. Equifax demonstrates that even careful planning cannot prevent inadvertent discovery of material non-public information. Public companies should also consider revising their incident response plans to include provisions for issuing trading blackouts — when to issue, to whom, by what process, and for how long. Companies should also consider revising their insider trading policies or offering additional employee training to address instances in which employees may obtain (whether directly or indirectly) non-public information regarding a potential data breach impacting the company or its customers.

Copyright © 2018, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Kari Rollins Intellectual Property Lawyer Sheppard
Partner

Kari M. Rollins is a partner in the Intellectual Property Practice Group in the firm's New York office.

Areas of Practice

Ms. Rollins focuses her practice on privacy and complex commercial litigation matters. She has successfully represented clients in the financial services, audit and accounting, food services, retail, and fashion industries before state and federal courts, as well as in front of state attorneys general, federal regulators, and U.S. and international commercial arbitration forums....

212.634.3077
Sarah Aberg Government Contracts Attorney Sheppard Mullin Law Firm New York
Associate

Sarah Aberg is an associate in the Government Contracts, Investigations & International Trade Practice Group in the firm's New York office.

Areas of Practice

Ms. Aberg’s practice encompasses securities regulation, compliance, and litigation as well as internal investigations and white-collar defense. She frequently represents broker-dealers and associated individuals who are the focus of SEC, FINRA, and other regulatory investigations. She has conducted numerous internal investigations into a wide variety of allegations, including insider trading, unauthorized trading, and other retail brokerage sales practice violations. Ms. Aberg has also represented banks, broker-dealers, securities professionals and individuals in connection with investigations and inquiries by the Department of Justice, FINRA, and the New York Attorney General’s and District Attorney’s Offices.

Experience

Representative Experience 

  • The Private Bank division of a global investment bank in connection with ongoing FINRA, SEC and state securities regulatory inquiries and investigations.
  • Senior mortgage finance professionals in RMBS-related investigations and litigations.
  • Financial advisors in connection with SEC investigation into Forex trading platform.
  • A securities broker in DOJ/SEC investigation regarding bond trading practices.
  • A federal savings bank charged with mortgage and securities fraud by the Manhattan District Attorney.
  • An international retailer in a federal civil asset forfeiture action concerning structuring allegations.
  • Skaarup Shipping International in successfully defeating a $50 million prejudgment attachment in the District of Connecticut.
  • CIT Financial Services, Inc. in a New Jersey arbitration over breach of contract.
  • General Dynamics Corp. in filings with the US. Maritime Administration.

Practices

  • Government Contracts, Investigations & International Trade
  • Litigation
  • White Collar Defense and Corporate Investigations
212-634-3091