2 min read

Manager who worked on Equifax's breach website sentenced for insider trading

Graham CLULEY

October 19, 2018

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Manager who worked on Equifax's breach website sentenced for insider trading

In August 2017, Sudhakar Reddy Bonthu, a production development manager in Equifax’s software management team was given a project codenamed “Sparta.”

Bonthu’s bosses told him that the project was for one of the company’s clients, and involved building an online user interface that would allow the client’s own customer to determine if they had been put at risk by the breach.

Bonthu was not told the name of the client, but was informed that the project was a high priority and needed to be ready to go live by September 26th 2017.

Bonthu, however, didn’t need to be told the name of the client. He worked it out for himself.

While working on the project he received emails and participated in conversations that informed him the breach impacted at least 100 million consumers, and the personal information breached included first and last names, addresses, phone numbers, dates of birth, and social security numbers.

At the end of August 2017, Bonthu was also copied on an email that contained a test dataset file. The file was named “EFXDatabreach.postman_collection”

Bonthu deduced correctly that Project Sparta wasn’t about building a breach disclosure website for one of Equifax’s clients as his bosses had told him, but for Equifax itself.

Armed with the sensitive information, Bonthu used a brokerage account in his wife’s name and purchased 86 “put options” in Equifax stock – a direct breach of Equifax’s policies.

By buying “put options,” Bonthu could only make money if the market price of Equifax stock were to drop by September 15 2017.

Bonthu sold all of his put options on September 8, the day after Equifax announced its data breach had impacted approximately 143 million US consumers, sending its share price into freefall – and turning Bonthu’s initial investment of $2,166.11 into $77,333.79 in just six days.

44-year-old Bonthu, of Atlanta, Georgia, declined to co-operate with an internal Equifax investigation, and was subsequently fired.

The former development manager has avoided imprisonment, but has been sentenced to eight months of home confinement. In addition he was fined $50,000 and ordered to forfeit his profits from the insider trading.

“Bonthu intentionally took advantage of information entrusted to him in order to make a quick profit,” said US Attorney Byung Pak. “The integrity of the stock markets and the confidence of investors are impaired by those who use nonpublic information for personal gain.”

Bonthu is not the only Equifax employee to have been charged with insider trading in relation to the company’s data breach. In March, Equifax’s ex-chief information officer for its US information solutions business was charged after allegedly selling $1 million worth of stock, and eyebrows were raised last year after three senior executives sold a combined $1.8 million worth of Equifax shares just days after the credit reporting agency discovered the data breach.

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read