Equifax discovered on July 29 that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans – and then just a few days later, several of its executives sold stock worth a total of nearly $US1.8 million ($2.4 million). When the hack was publicly announced in September, Equifax’s stock promptly tanked, which made the trades look very, very sketchy.
Former Equifax CEO Richard Smith prepares to testify before the Senate Banking, Housing and Urban Affairs Committee. Photo: Getty
At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.
The report, prepared by a board-appointed special committee, concludes that “none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading”. The committee says it reviewed 55,000 documents to reach its conclusions, including emails and text messages, and conducted 62 in-person interviews.
“The review was designed to pinpoint the date on which each of the four senior officers first learned of the security investigation that uncovered the breach and to determine whether any of those officers was informed of or otherwise learned of the security investigation before his trades were executed,” the report states.
Equifax’s chief financial officer, John Gamble, sold 6500 shares of his Equifax stock on August 1. The investigation found that he had previously discussed the sale with a financial adviser because he wanted to pay for a home renovation. He didn’t hear about the hack until August 10, according to the report.
Trey Loughran, Equifax’s president of US information solutions, initially requested approval for his stock sale on July 28, one day before Equifax discovered the breach. He learned that Equifax was investigating some sort of security incident on August 13, and didn’t hear about the details until later that month, the report claims.
Equifax’s president of workforce solutions, Rudy Ploder, sold 1719 shares on August 2. Investigators found that he planned to use the money for a move to a new city, and that he learned about the hack on August 22.
The final executive involved in the trades, Douglas Brandberg, sold 1724 shares on August 2. Like Ploder, he didn’t learn about the hack until August 22, according to the report. Brandenberg was not initially investigated, but the committee decided to review his trades after it expanded its investigation to include “all officers of the company”.
Equifax’s internal investigation into the hack itself is still underway. “The Special Committee continues to review the cybersecurity incident, the Company’s response to it, and all relevant policies and practices,” the committee said in a statement.