Equifax says execs who sold stock after huge breach did nothing wrong

Equifax says execs who sold stock after huge breach did nothing wrong
Four Equifax executives sold a combined $1.8 million in Equifax stock in the days after the company discovered its huge data breach. (Justin Lane / EPA-EFE/REX/Shutterstock)

Equifax Inc., the credit reporting company that had a massive data breach this year, said a special committee has determined that none of the four executives who sold shares at the time did anything wrong.

The high-level executives sold shares worth a combined $1.8 million in the days immediately after the company discovered the breach, which exposed the personal information of some 145 million Americans.


When Equifax went public with the breach in early September, its stock plunged, erasing about $2.35 billion of its market value.

The company revealed that an ongoing cyberattack lasted from mid-May to July. Equifax said it detected the hack July 29.

On Aug. 1 and Aug. 2, Equifax Chief Financial Officer John Gamble and three other executives sold a combined $1.8 million in stock.

The company said Friday that a special committee composed of independent directors, and advised by an independent counsel, found that none of the executives had knowledge of the breach when their trades were made.

The committee's review included dozens of interviews and the scouring of more than 55,000 documents including emails, text messages, phone logs and other records.

The report Friday is unlikely to relieve pressure on the beleaguered company, which badly bungled the response to the hack.

Investigators will want to know how a breach of this size and scope could have occurred without the knowledge of some of the company's highest executives.

Faith in the leadership and the security of private information eroded in the weeks after the attack.

Anxious consumers experienced jammed phone lines and clueless company representatives. An Equifax website set up to help people determine their exposure was described as sketchy by security experts. The site provided inconsistent and unhelpful information to many. The company blamed the problems of an online customer help page on a vendor's software code after it appeared that it had been hacked as well.

High-level executives, including Chief Executive Richard Smith, have already stepped down.

The internal report did not appear to ease the apprehension of those who hold company stock. Shares were essentially flat Friday. That's because it is the Securities and Exchange Commission, the federal agency that enforces securities laws, that will have the final say.

SEC Chairman Jay Clayton has refused to comment when asked by lawmakers if executives at Equifax engaged in insider trading when they sold their shares. He has not confirmed or denied that the SEC is investigating.

Smith, the former Equifax CEO, has appeared before Congress to answer questions from lawmakers, but they were far from satisfied with the answers they received.

The Atlanta company is under multiple state and federal investigations and has been sued by numerous customers in litigation likely to evolve into class-action lawsuits.


What makes the data breach so dangerous is the information that Equifax holds. Social Security numbers, identification, addresses and personal information are held by Equifax and the two other major credit reporting companies. They use it to determine a person's creditworthiness.