Equifax internal report clears executives of insider trading

Saturday, November 4, 2017

In a report released yesterday the credit agency Equifax declared that it has determined that those among its executives who sold company shares after it was publicly revealed that Equifax databases had been compromised were not aware of the problem at the time.

When it became public knowledge that Equifax had been hacked, losing the social security numbers and other private information of many thousands of customers, the company’s stock dropped in value by a total of about $2.35 billion. Four Equifax executives including Chief Financial Officer John Gamble were found to have sold large amounts of stock in the company after the hack took place but before the public found out about it. The price was still relatively high, then and the stock was worth about US$1.8 million. Equifax launched an internal investigation to determine whether any of these executives were guilty of insider trading. An internal investigation with a specially appointed committee found that none of these executives had learned of the hack until after they had completed the sale, and a few of them had plausible reasons for wanting to sell assets. One of them wanted the money to renovate his home. Another sold stock to pay for a move to a different city.

The Canadian Press (CP) reported on September 19 that Credit Agency Equifax Canada acknowledged that 100,000 Canadian accounts had been breached when the company’s website was compromised earlier this year. On September 7 it was reported that 143 million Americans had been affected by the breach as well as an undisclosed number of Canadians and British citizens. The announcement followed a report on Friday that Canada’s privacy watchdog has started an investigation into the matter.

The data breach came to public attention only recently even though it happened earlier this year, when the Apache Struts servers that Equifax uses to store information were apparently not patched with security updates for some months, allowing hackers to take advantage of the vulnerability. The data was unsecured between May 13 and July 30 of this year. The breach only affected data stored in the United States. Equifax itself was unaware of the breach until July 29.

The announcement was made by Equifax Canada president, Lisa Nelson. Nelson apologized to Canadian consumers whose data were breached and stated that Equifax was unable to provide information until its own investigation is completed. Affected Canadians will receive instructions via mail from Equifax Canada. They will also receive the same benefits their American counterparts received at the beginning of this month. Even though the breach only affected data stored in the United States, Canadians without a social security number were excluded from Equfax’s offer to provide free access to files for year.

The chairman of the United States Securities and Exchange Commission (SEC) has declined to comment on the matter and has not said whether the SEC is investigating insider trading by Equifax executives. Equifax is the subject of many state and federal investigations surrounding the breach.

[edit]