Slashdot Mirror


User: aquanaut44

aquanaut44's activity in the archive.

Stories: 0 · Comments: 2

Comments · 2

  1. The Full Time Line on Equifax CEO: All Companies Get Breached (fortune.com) · Score: 4, Informative

    So - brief summary of timeline:-

    Feb 24, 2016 - Annual 10K report - indicates only generic, boilerplate risks that a financial services company like Equifax should include in their SEC filing.

    Jul 27, 2017 - Quarterly 10-Q filing with the SEC, indicating "There have been no material changes with respect to the risk factors disclosed in our 2016 Form 10-K."

    Aug 1, 2017 - Chief Financial Officer John Gamble sells $946,374 in shares

    Aug 2, 2017 - Joseph Loughran, President of US Information Solutions sells $584,099 in shares... and Rodolfo Ploder, President of Workforce Solutions, sells $250,458 in shares

    Aug 17, 2017 - Rick Smith gives a presentation to the University of Georgia, discussing cyber security threats - and makes a memorable quote...

    Sep 7, 2017 - Equifax admit to a massive data breach, impacting at least 143 million Americans, see here:-

    http://www.independent.co.uk/n...

    Sep 7, 2017 - On the same day as admitting to the breach, Equifax also admit that 3 executives sold $1.8MM in shares between the breach being detected and the date it was made public. Crucially, despite Equifax claiming that the Executives had no knowledge of the breach, none of the three sales were part of planned, scheduled trading (i.e. were covered by 10b5-1 plans). In other words, these were spontaneous sales. See here:-

    https://www.bloomberg.com/news...

    The crucial thing is, however, that in the above Independent article, published September 7th, is the statement,

    "The Atlanta-based company said that that “criminals” exploited a US website application to access files between mid-May and July of this year - with the weakness said to have been discovered at the end of that month. "

    Now, among the pieces of information we don't know are: 1) when, exactly, did the three executives sell their shares?; and 2) what internal discussions - i.e. board meetings, emails - were used to disseminate the information internally.

    Obviously we're not told this, but the company will by now have received a "Preservation Order" from the SEC, requiring them to ensure that data pertaining to this event is not destroyed. Backup tapes will be pulled from cycles; current email folders will be locked; individuals will be warned that their documents are subject to such an order. Given the close proximity of events - we're talking days, not weeks or months - it should not be difficult to forensically re-create a very precise time-line.

    So whilst the speech that Smith gave at the University of Georgia is going to be hugely embarrassing for him personally - and whilst the acknowledgements he makes in it will be very uncomfortable for the company - the really crucial evidence here is all about the timing. Understanding the truth behind the question, "Who knew what, and when", is going to make the difference between negligence and a criminal act.

    Here is the key thing to bear in mind. That statement as reported in the UK Independent newspaper article that the breach came to light "at the end of July" is absolutely crucial. If there is enough evidence to suggest that persons within the company knew of the data breach *before* that 10-Q was filed, then I don't see how Smith and his co-directors can avoid jail time. The deciding factor [for me] is that the actual timing could very easily show conspiracy.

    If there was a suggestion that a concerted effort was made to hold back the breach information until after the second quarter 10-Q, then it will not look good for the board. They are on the horns of a dilemma here. Either there was widespread knowledge of the breach and the three executives attempted of

  2. Global Impact on AT&T Seeks Supreme Court Review On Net Neutrality Rule (bloomberg.com) · Score: 3, Interesting

    I don't mean any disrespect and I don't mean to offend any US readers, or those in the US who helped create the Internet in the first place.

    The thing is, the Internet has become a universal resource, used by people all across the world. Except that many of the global services - and many of the most popular web-based services - are delivered from the United States. In other words, Net Neutrality is simply not a US-specific topic, but one which has global impact.

    Much as I am *VERY MUCH* in favour of self-determination, local accountability and democracy-in-action... in this specific case I think that the United States needs to recognise that the consequences of net neutrality have global potential impact. In other words, whilst I am very much in favour of the US retaining the current Net Neutrality legal protections, I don't think they go far enough. I think that Net Neutrality needs to be removed from the control of any single nation state - i.e. put beyond the reach of "local politics".

    I accept that this might be an unusual way of looking at this problem, but let's put it another way... Suppose the FCC had the ability to make a decision which could directly degrade the quality of telephone conversations in the UK, or Germany, or China, or Australia. Or suppose a UK citizen wanted to speak to a family relative or friend in the United States, but was left experiencing atrocious line quality. Now imagine that the line quality in that conversation was being controlled by a major US telecoms company that was being paid to carry the call, but which had neither of the two end users as directly paying customers. There would be uproar if that telecoms company started to degrade that call quality just to force the other participants to pay them more money, especially when they had the capacity to offer a flawless service, but were deliberately degrading it so as to coerce their direct and indirect clients to pay more. This would be possible and legal [on the internet anyway] if the Net Neutrality laws are revoked.

    I don't mean to offend US readers, but to be blunt: US telecoms companies should not be given the right to do that.