Equifax discovered on July 29th that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans and affecting around 700k UK customers. Then, just a few days later, several of its executives sold stock worth a total of nearly £1.4 million. When the hack was publicly announced in September, Equifax’s stock promptly tanked, which made the trades look very, very sketchy.
At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.
The report, prepared by a board-appointed special committee, concludes that “none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading.” The committee says it reviewed 55,000 documents to reach its conclusions, including emails and text messages, and conducted 62 in-person interviews.
“The review was designed to pinpoint the date on which each of the four senior officers first learned of the security investigation that uncovered the breach and to determine whether any of those officers was informed of or otherwise learned of the security investigation before his trades were executed,” the report states.
Equifax’s chief financial officer, John Gamble, sold 6,500 shares of his Equifax stock on August 1st. The investigation found that he had previously discussed the sale with a financial adviser because he wanted to pay for a home renovation. He didn’t hear about the hack until August 10th, according to the report.
Trey Loughran, Equifax’s president of US information solutions, initially requested approval for his stock sale on July 28th, one day before Equifax discovered the breach. He learned that Equifax was investigating some sort of security incident on August 13th, and didn’t hear about the details until later that month, the report claims.
Equifax’s president of workforce solutions, Rudy Ploder, sold 1,719 shares on August 2nd. Investigators found that he planned to use the money for a move to a new city, and that he learned about the hack on August 22nd.
The final executive involved in the trades, Douglas Brandberg, sold 1,724 shares on August 2nd. Like Ploder, he didn’t learn about the hack until August 22nd, according to the report. Brandenberg was not initially investigated, but the committee decided to review his trades after it expanded its investigation to include “all officers of the company.”
Equifax’s internal investigation into the hack itself is still underway. “The Special Committee continues to review the cybersecurity incident, the Company’s response to it, and all relevant policies and practises,” the committee said in a statement.