Former Equifax manager pleads guilty to profiting from data breach

Sudhakar Reddy Bonthu if Atlanta pleaded guilty a charge of insider trading.

Former Equifax manager Sudhakar Reddy Bonthu, who pleaded guilty to insider trading in July, was sentenced to house arrest and fines, and must forfeit thousands of dollars.

U.S. District Court Judge Amy Totenberg sentenced Bonthu on Oct. 16 to eight months of home confinement. He was fined $50,000 and ordered to forfeit $75,979.

Bonthu, 44, of Atlanta was facing up to 20 years in prison and a $5 million fine. 

He pleaded guilty on July 23 to profiting from a data breach that exposed the financial information of 145 million consumers in the summer of 2017. He was accused of purchasing options ahead of Equifax’s public announcement of the data breach.

U.S. Attorney Byung J. “BJay” Pak said Bonthu violated the law when he used his knowledge of Equifax’s data breach – in which hackers acquired consumers' names, Social Security numbers, birthdates and addresses – to enrich himself. 

“Bonthu intentionally took advantage of information entrusted to him in order to make a quick profit,” Pak said. “The integrity of the stock markets and the confidence of investors are impaired by those who use nonpublic information for personal gain.”

Chris Hacker, Special Agent in Charge of FBI Atlanta, said that the FBI will do everything in its power to hold accountable those who choose to take advantage of their insider knowledge.

“If we don’t hold company insiders to the same rules that govern regular investors, the public’s confidence in the stock market erodes,” Hacker said.

Investigators say that Bonthu, a software development manager for Equifax’s Global Consumer Services, was tapped by his employer on Aug. 25, 2017, to respond to the data breach ahead of its Sept. 6, 2017, announcement of the breach.

On Sept. 1, 2017, Bonthu bought 86 “put” options in Equifax stock that expired on Sept. 15, 2017, which allowed him to profit if the value of Equifax stock dropped within that two-week period.

When Equifax publicly disclosed the data breach on Sept. 7, 2017, its stock fell the next day. Bonthu then exercised his “put” options and netted a profit of more than $75,000. 

Hackers were able to access Equifax’s databases through a software hole from May to July 2017. When the breach was announced, the Atlanta-based company's stock dropped nearly $40 a share to $105.04 on Sept. 22, from $141.59 on Sept. 1.

Bonthu, who is not a U.S. citizen, also agreed to a list of conditions including surrendering his Indian passport, travel restrictions and not trading stock of any company for which he works.

If he violates any of the listed conditions, he will have to pay $20,000.

Richard R. Best, director of the Securities and Exchange Commission’s Atlanta Regional Office, says corporate employees cannot take advantage of their access to sensitive information and unlawfully benefit from it.

“Bonthu used confidential information to determine that his company had suffered a massive data breach and then violated company policy to illegally profit from it,” Best said.

Assistant U.S. Attorney Christopher J. Huber, deputy chief of the Complex Frauds Section, and Assistant U.S. Attorney Lynsey M. Barron prosecuted the case.