Equifax Investigation Clears Execs Who Dumped Stock Before Hack Announcement

An anonymous reader quotes a report from Gizmodo: Equifax discovered on July 29th that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans -- and then just a few days later, several of its executives sold stock worth a total of nearly $1.8 million. When the hack was publicly announced in September, Equifax's stock promptly tanked, which made the trades look very, very sketchy. At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.

The report, prepared by a board-appointed special committee, concludes that "none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading." The committee says it reviewed 55,000 documents to reach its conclusions, including emails and text messages, and conducted 62 in-person interviews. "The review was designed to pinpoint the date on which each of the four senior officers first learned of the security investigation that uncovered the breach and to determine whether any of those officers was informed of or otherwise learned of the security investigation before his trades were executed," the report states.

The report, prepared by a board-appointed special

[ChoGGi]

Clears Execs (not like anyone expected anything different).

So these supposedly important members of the company weren't (officially) notified or found out about this July 29th hack till August 10th?
I assume they were notified of the previous March hack, and how it had yet to be disclosed?

Pre-Enter Sell orders

[mysidia]

How about if you are an executive, then for every quarter you Pre-Enter a Sell Order assuming something bad will happen.... If you don't learn of anything catastrophic happening, then cancel or modify your sell order before it occurs and/or before it has to be reported.

Any investigation will basically always show you knew nothing about what the bad thing was at the time you created the order ----- Because it's what you knew when you failed to cancel your order as otherwise intended that matters.

Re: yeah...

Pff I wouldn't clear the President of Information Solutions for that. He was in the direct line of command here. He would've had the ability to uncover the breach before it was initially reported. He could easily have been informed by a nervous technician, unofficially, because who would report this sort of thing by official channels when the news is this bad?

So yeah, he learns there's some anomalies in the logs. Suspects there's been a breach. Gets approval for stock sale because hey, no one knows yet. Then he triggers an official review. Keep in mind *something* triggered the discovery of the breach. It sure as hell wasn't a routine action that uncovered it, given initial intrusions were done in March and it was only "discovered" July 29.

Now he's got his alibi. He couldn't possibly have known through any channels because no emails were sent and he got approval before there was any reason to believe there was anything wrong, right? And just to be safe, he isn't informed officially of the breach until August 10. A president-level executive. How could there possibly be any wrongdoing?

The most dubious part of this isn't that the stock was sold just before/after the breach was detected, btw. It's that executives weren't informed until 4 weeks after the breach was detected, and even the President of Information Systems wasn't informed until 12 days later.