Equifax headquarters, Atlanta Equifax headquarters, Atlanta (Photo: John Disney/ALM)

A former software developer who worked for Equifax before the Atlanta-based credit bureau announced a massive data breach last year has been charged with insider trading, federal prosecutors in Atlanta announced today.

Sudhakar Reddy Bonthu is scheduled to be arraigned Thursday, the U.S. Attorney’s Office for the Northern District of Georgia announced. Equifax fired Bonthu, 44, in March after he allegedly refused to cooperate with an internal investigation into whether he had violated the company’s insider trading policy, the U.S. Securities and Exchange Commission (SEC) said in a statement released Thursday.

The SEC filed a civil complaint against Bonthu on Thursday. Bonthu has already agreed to settle the SEC’s civil charges and accepted a permanent injunction to return his allegedly ill-gotten gains plus interest, the SEC announced.

The criminal prosecution is proceeding on a parallel track. Dockets for the cases have not yet been published, and there is no public record currently available as to whether an attorney has entered an appearance for Bonthu.

Bonthu is accused of trading in Equifax shares before the firm went public with news of the breach—which exposed personal and financial information of as many as 148 million consumers to hackers and fraudster—based on confidential information he received while creating a website for consumers impacted by the breach, according to the SEC.

Bonthu, a software engineering manager, alleged was told he was doing the work for an anonymous potential client, the SEC said. But Bonthu quickly concluded that Equifax was the victim of the breach, the SEC said. Bonthu then bought Equifax put options—which gives the purchaser the right to sell stock at a specified price by a predetermined date in apparent violation of Equifax policies, according to the SEC.

Equifax went public with news of the data breach on Sept. 7, 2017—within days of Bonthu’s alleged purchase, the SEC said. Equifax’s stock price plummeted nearly 14 percent at the news, according to the SEC. Bonthu then sold the put options, recognizing a return of more than 3,500 percent on his initial investment, the SEC said.

By then, Equifax had already imposed trading restrictions on the Equifax employees aware of the breach, according to court records in a parallel criminal case.

“As we allege, Bonthu, who was entrusted with confidential information by his employer, misused that information to conclude that his company had suffered a massive data breach and then sought to illegally profit,” said Richard R. Best, regional director of the SEC’s Atlanta office. “Corporate insiders simply cannot abuse their access to sensitive information and illegally enrich themselves.”

Bonthu is the second Equifax employee indicted by a federal grand jury in Atlanta on an insider trading charge. In March, Jun Ying, chief information officer for Equifax’s U.S. Information Solutions, allegedly used confidential information about the data breach to exercise his vested Equifax stock options and then dumped them for nearly $1 million, according to the SEC. Selling before the data breach became public avoided more than $117,000 in losses.

Ying’s defense attorney, Bryan Cave Leighton Paisner partner Joseph Burby has contended in court filings in the pending criminal case that Ying was not only not told of the data breach but that Equifax executives lied to him by telling him the work they sought from his team was related to a data breach involving an Equifax customer.

Burby conceded that, in a series of text messages exchanged on Aug. 25, 2017, Ying speculated that Equifax “may be the one breached” and said he was “starting to put 2 and 2 together.” Ying then conducted three internet searches of another company data breach that had occurred two years earlier, Burby said. The results of those searches showed that the other company’s stock share price had actually increased.