Three Equifax senior executives sold stock before revelation of breach: report

Three Equifax Inc senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million US consumers, Bloomberg reported today.

The company said late yesterday that they had not been informed of the incident.

According to the credit-reporting service's earlier statement the intrusion was discovered on 29 July.

According to regulatory filings, on 1 August, chief financial officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of US information solutions, exercised options to dispose of stock worth $584,099. President of workforce solutions, Rodolfo Ploder sold $250,458 of stock on 2 August. None of the transactions is listed under 10b5-1 as part of scheduled trading plans.

The three ''sold a small percentage of their Equifax shares,'' Ines Gutzmer, a spokeswoman for the Atlanta-based company, said in an emailed statement. They ''had no knowledge that an intrusion had occurred at the time.''

Equifax shares plunged 13 per cent to $123.81 in early trading in New York on Friday.

''I don't know how the board will allow these executives to continue in their positions,'' said Bart Friedman, a senior counsel at Cahill Gordon & Reindel LLP, who advises boards on matters, including corporate compliance and enforcement challenges, Bloomberg reported. ''Yes, they should have a careful investigation and have an independent law firm interview the executives and review their emails and determine what they knew and when, but the end result is likely clear.''

Meanwhile, PR newswire said in a press release yesterday:
Equifax Inc today announced a cybersecurity incident potentially impacting approximately 143 million US consumers. Criminals exploited a US website application vulnerability to gain access to certain files. Based on the company's investigation, the unauthorised access occurred from mid-May through July 2017.  The company has found no evidence of unauthorised activity on Equifax's core consumer or commercial credit reporting databases.

The information accessed primarily includes names, Social Security numbers, birth dates, addresses and, in some instances, driver's licence numbers. In addition, credit card numbers for approximately 209,000 US consumers, and certain dispute documents with personal identifying information for approximately 182,000 US consumers, were accessed.  As part of its investigation of this application vulnerability, Equifax also identified unauthorised access to limited personal information for certain UK and Canadian residents. Equifax will work with UK and Canadian regulators to determine appropriate next steps.  The company has found no evidence that personal information of consumers in any other country has been impacted.

Equifax discovered the unauthorised access on 29 July of this year and acted immediately to stop the intrusion. The company promptly engaged a leading, independent cybersecurity firm that has been conducting a comprehensive forensic review to determine the scope of the intrusion, including the specific data impacted. Equifax also reported the criminal access to law enforcement and continues to work with authorities.  While the company's investigation is substantially complete, it remains ongoing and is expected to be completed in the coming weeks.