Cybersecurity has become an issue of national importance in recent years as people entrust more and more personal information to various companies, and as other companies compile massive amounts of personal information from various sources. Businesses that maintain databases of personal information must take reasonable measures to keep this information secure, and they must also disclose cybersecurity breaches to affected people or the general public. In early September 2017, a major credit reporting agency (CRA) disclosed a hack that potentially compromised millions of people’s personal data several months earlier. The Department of Justice (DOJ) has reportedly opened an investigation into several of the CRA’s executives for alleged actions between the time the company learned of the breach and the time it announced it to the public. The investigation does not concern the breach itself but allegations that the executives sold stock in the company because of the anticipated impact of the announcement on the stock price. This is also known, in both federal and Texas white-collar criminal laws, as insider trading.Federal securities statutes do not identify “insider trading” as a distinct offense. The Securities Exchange Act of 1934 prohibits the use of “manipulative and deceptive devices” in connection with publicly traded securities, including stocks. 15 U.S.C. § 78j. The Securities and Exchange Commission (SEC) expounds on this provision in its regulations. Rule 10b5-1 states that it is a manipulative and deceptive device to buy or sell a publicly traded security “on the basis of material nonpublic information.” 17 C.F.R. § 240.10b5-1(a). Willful violations of these provisions by an individual can result in a fine of up to $5 million and a prison sentence of up to 20 years, 15 U.S.C. § 78ff(a), but the burden of proof for the state is substantial.
The CRA, Equifax, is one of the main agencies in the U.S. that collect and compile consumer credit information, using this information to generate credit reports and credit scores. The company reportedly experienced a massive cybersecurity attack between May and July 2017. During this time, hackers obtained personal information, including names, addresses, and Social Security numbers, for about 143 million people. (For the sake of scale, this is somewhat less than half the total population of the United States, or about equal to the population of Russia.) The company reportedly learned of the hack in late July but did not announce it to the public until early September.
After the announcement of the hack, Equifax’s share price reportedly dropped by more than a third over several weeks. Federal securities regulators apparently noticed, through regulatory filings, that several executives at the CRA had sold some of their stock in the company before the announcement. Specifically, they are investigating allegations that three executives sold $1.8 million worth of stock outside of any scheduled plans for stock trades.
In order to prove “insider trading” under Rule 10b5-1, the government must first be able to prove that the individual was “aware of the material nonpublic information” at the time of the exchange. 17 C.F.R. § 240.10b5-1(b). Even if the evidence shows this, many possible affirmative defenses are still available.
These blog posts are meant to be illustrative only. Unless expressly stated to the contrary herein, these matters are not the result of any legal work of Michael J. Brown, but are used to communicate a particular point of view. Michael J. Brown does not claim credit for any legal work done by any lawyer or law firm either generally or specifically, with respect to the matters contained in this blog.
Board-certified white collar crime lawyer Michael J. Brown has practiced in West Texas for over two decades, defending people against charges in state and federal courts. To schedule a confidential consultation with a knowledgeable and skilled criminal justice advocate, contact us today online or at (432) 687-5157.
More Blog Posts:
Commodities Trader Settles Federal Government’s Insider Trading Allegations, Texas Criminal Lawyer Blog, January 25, 2017
Supreme Court Denies Government’s Petition in Major Insider Trading Case, Texas Criminal Lawyer Blog, February 19, 2016
Nine People Indicted for Alleged Insider Trading, Using Information Allegedly Obtained by Hacking, Texas Criminal Lawyer Blog, October 30, 2015