2 min read

Manager who worked on Equifax's breach website sentenced for insider trading

Graham CLULEY

October 19, 2018

Manager who worked on Equifax's breach website sentenced for insider trading

In August 2017, Sudhakar Reddy Bonthu, a production development manager in Equifax’s software management team was given a project codenamed “Sparta.”

Bonthu’s bosses told him that the project was for one of the company’s clients, and involved building an online user interface that would allow the client’s own customer to determine if they had been put at risk by the breach.

Bonthu was not told the name of the client, but was informed that the project was a high priority and needed to be ready to go live by September 26th 2017.

Bonthu, however, didn’t need to be told the name of the client. He worked it out for himself.

While working on the project he received emails and participated in conversations that informed him the breach impacted at least 100 million consumers, and the personal information breached included first and last names, addresses, phone numbers, dates of birth, and social security numbers.

At the end of August 2017, Bonthu was also copied on an email that contained a test dataset file. The file was named “EFXDatabreach.postman_collection”

Bonthu deduced correctly that Project Sparta wasn’t about building a breach disclosure website for one of Equifax’s clients as his bosses had told him, but for Equifax itself.

Armed with the sensitive information, Bonthu used a brokerage account in his wife’s name and purchased 86 “put options” in Equifax stock – a direct breach of Equifax’s policies.

By buying “put options,” Bonthu could only make money if the market price of Equifax stock were to drop by September 15 2017.

Bonthu sold all of his put options on September 8, the day after Equifax announced its data breach had impacted approximately 143 million US consumers, sending its share price into freefall – and turning Bonthu’s initial investment of $2,166.11 into $77,333.79 in just six days.

44-year-old Bonthu, of Atlanta, Georgia, declined to co-operate with an internal Equifax investigation, and was subsequently fired.

The former development manager has avoided imprisonment, but has been sentenced to eight months of home confinement. In addition he was fined $50,000 and ordered to forfeit his profits from the insider trading.

“Bonthu intentionally took advantage of information entrusted to him in order to make a quick profit,” said US Attorney Byung Pak. “The integrity of the stock markets and the confidence of investors are impaired by those who use nonpublic information for personal gain.”

Bonthu is not the only Equifax employee to have been charged with insider trading in relation to the company’s data breach. In March, Equifax’s ex-chief information officer for its US information solutions business was charged after allegedly selling $1 million worth of stock, and eyebrows were raised last year after three senior executives sold a combined $1.8 million worth of Equifax shares just days after the credit reporting agency discovered the data breach.

tags


Author



Right now

Top posts

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

E-mails claiming your computer was hacked and your privacy exposed - what you need to know (spoiler: you can relax - they’re bluffing)

July 29, 2021

5 min read
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US

July 16, 2021

3 min read
How to protect yourself against cyberstalking

How to protect yourself against cyberstalking

July 06, 2021

2 min read
The Top Five Security Risks Smartphone Users Face Today

The Top Five Security Risks Smartphone Users Face Today

July 02, 2021

4 min read
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials

July 02, 2021

3 min read
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger

June 30, 2021

2 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Supply Chain Attack Detected in PyPI Library Supply Chain Attack Detected in PyPI Library
Silviu STAHIE

August 02, 2021

1 min read
Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel Scam baiter Jim Browning bamboozled by scammers into deleting his own YouTube channel
Filip TRUȚĂ

August 02, 2021

3 min read
Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million Instagram influencer Hushpuppi admits his part in scams that stole more than $24 million
Graham CLULEY

July 30, 2021

2 min read