On July 29, 2017, Equifax reportedly discovered a massive security breach that occurred in mid-May to July that compromised approximately 143 million United States consumers or 44% of Americans. Cyber criminals accessed valuable, personal information, including social security numbers, birth dates, driver license details and credit card numbers. Incredibly, only three days after the company learned of the hack, three high ranking executives with Equifax sold shares totaling $1.8 million. Specifically, CFO John Gamble sold $946,374 in shares (13% of his shares), President of U.S. Information Solutions Joseph Loughran disposed of $584,099 of stock (9% of his shares), and President of Workforce Solutions Rodolfo Ploder sold $250,458 of stock (4% of his shares).
Although the sales took place after the Equifax data breach was discovered, a spokesperson for Equifax, Ines Gutzmer, stated that the executives “had no knowledge that an intrusion had occurred” at the time they sold their stock. This statement comes despite the fact that none of Equifax’s filings list the transactions as part of the routine 10b5-1 scheduled trading plans. As of September 14, 2017, Equifax’s stock has fallen 31% since the breach was disclosed, erasing approximately $5 billion in market cap. Given the questionable timing of the stock sales, many in the financial sector have called for a more detailed investigation regarding the knowledge of the executives at the time of sale. The U.S. Department of Justice has commenced a criminal investigation of the Equifax data breach and will look into the possibility of insider trading by the three top executives.
The impact of this massive data breach has caused New York Governor Andrew Cuomo to propose new regulations that would subject consumer credit reporting agencies to the same cybersecurity rules that the state recently enacted for banks and insurance companies.