The U.S. Securities and Exchange Commission (SEC) said Sudhakar Reddy Bonthu, 44, of Cumming, Georgia, figured out on his own that the website he was building was for a massive security breach at Equifax, the very company he worked for.
That site was 'equifaxsecurity2017.com,' where Equifax sent everyone to see if they were affected by that huge 2017 security breach, in which personal data for more than 145 million users was hacked.
In addition to the eight months of home confinement, Mr. Bonthu is also responsible for restitution of funds, somewhere in the neighborhood of that $75,000 figure.
In August 2017, Equifax managers told Bonthu he had been recruited to work on an internal project named Project Sparta. Managers didn't provide Bonthu with details about the project, but they said the company was handling a security breach for a high priority client that was going public with news of a breach the next month, in September 2017.
Bonthu was ordered to create the online interface through which that company's customers would be able to query a database and see if they were affected.
The SEC said in an indictment that Bonthu realized on his own --based on test data and discussions on internal mailing lists-- that the secretive Project Sparta client was, in reality, his employer.
The SEC said that Bonthu abused this information and used his wife's brokerage account to buy 86 "put options" in Equifax stock worth $2,166.11. Bonthu's stock options would come through if Equifax's stock had gone below $130 per share by September 15.
As expected, Equifax stock plummeted after the company disclosed its breach on September 7, 2017, and stock price reached $123.23 on September 15, netting Bonthu $77,333.79 (profit of $75,167.68), a 3,500 percent increase on his investment.
Bonthu's transactions came to light after Equifax started internal investigations into several reported cases of employee insider trading.
The company fired Bonthu in March 2018 after he refused to cooperate with their investigation. He previously worked at Equifax since September 2003.
ZDNet has links to all the court documents.
Equifax is not your friend.
For hackers, biometric data is the Holy Grail.
A new data leak could affect almost every single American, perhaps more than Equifax’s massive 2017 data breach of nearly 150 million individuals. Earlier this month, the renowned security researcher Vinny Troia announced that he discovered an unsecured database containing around 340 million individual records. According to Troia, the database included profiles of a few hundred million Americans belonging to Exactis, a Florida-based marketing and data-aggregation firm.
If you've had your identity stolen or if you're worried about having been doxxed by Equifax, you can freeze your credit record, and then Equifax, Experian, Trans Union and Innovis will block any requests to access your credit report. But that doesn't really matter. Equifax operates a secondary, noncompliant credit bureau called National Consumer Telecommunications and Utilities Exchange (NCTUE), on behalf of a secretive cartel of owners led by AT&T, but also including mysterious organizations like "Centralized Credit Check Systems."
Looks like Democratic Senator Heidi Heitkamp is getting her wish. After demanding that "somebody needs to go to jail" during a Congressional hearing about the Equifax breach late last year, the Department of Justice on Wednesday charged Jun Ying, the former chief information officer of one Equifax business unit, with insider trading, claiming he knowingly sold shares before the company revealed a massive data breach last year.
Credit score provider Equifax has identified another 2.4 million of its US customers who had their names and partial driver’s licence information stolen in a massive data breach last year. This adds to 145.5 million Americans who are known to have had their social security numbers compromised. The company said they will “notify these newly identified U.S. consumers directly, and will offer identity theft protection and credit file monitoring services at no cost to them,” in a statement released Thursday.
A leaked set of disclosures made by Equifax to the US Senate have revealed that the breach of 145.5 million Americans' sensitive financial data was even worse than suspected to date: in addition to data like full legal names, dates of birth, Social Security Numbers, and home addresses, it appears that Equifax also breached drivers' license numbers and issue-dates.
Credit reporting agency Equifax in September revealed that a data breach had left the information of 145 million customers exposed. The company waited weeks before disclosing the incident to the public, during which time three executives sold nearly $2 million worth of the company’s shares.
Mick Mulvaney, head of the Consumer Financial Protection Bureau, has pulled back from a full-scale probe of how Equifax Inc failed to protect the personal data of millions of consumers, according to people familiar with the matter. Equifax (EFX.N) said in September that hackers stole personal data it had collected on some 143 million Americans. Richard Cordray, then the CFPB director, authorized an investigation that month, said former officials familiar with the probe.
OK, brace yourself: the US Senate just made it harder for Americans to sue banks. I know, I know. I can hardly believe it either. But it’s true.
Our IP Address: