Equifax says that three company executives who sold stock just days after the company discovered a major security breach were not aware of the hack at the time.
On Thursday, the company disclosed a cyberattack that ran from mid-May to July. The attack exposed the Social Security numbers and other sensitive information of about 143 million Americans.
Equifax said it detected the hack on July 29.
On August 1 and August 2, Equifax Chief Financial Officer John Gamble and two other executives, Rodolfo Ploder and Joseph Loughran, sold a combined $1.8million in stock.
In a statement, the company said the executives ‘had no knowledge that an intrusion had occurred at the time they sold their shares.’
Equifax disclosed a cyberattack Thursday that ran from mid-May to July which exposed the Social Security numbers and other sensitive information of about 143 million Americans
Bloomberg News first reported the divestitures.
The sales effectively insulated the executives from a downturn in Equifax’s stock Thursday.
The stock dropped 13 percent in extended trading after the announcement of the breach.
Insider trading, or buying or selling shares based on information that is not available to the public, is a federal offense punishable by a maximum prison sentence of 20 years and a $5million fine, according to the Securities and Exchange Commission.
The Atlanta-based company said Thursday that ‘criminals’ exploited a U.S. website application to access files between mid-May and July of this year.
It said consumers’ names, Social Security numbers, birth dates, addresses and, in some cases, driver’s license numbers were exposed.
Credit card numbers for about 209,000 U.S. consumers were also accessed.
The company said hackers also accessed some ‘limited personal information’ from British and Canadian residents.
It said it ‘acted immediately’ with the assistance of an independent cybersecurity firm to assess the impact.
Equifax said it doesn’t believe that any consumers from other countries were affected.
To put the scope of the data breach in perspective, it affected well over a third of the population in America, which stood at 324 million as of January 1, 2017, according to the U.S. Census Bureau.
‘This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do,’ said company chairman and chief executive Richard Smith.
Equifax detected the hack on July 29, but did not reveal it to the public until Thursday. The company denied the three executives who sold the shares knew about the breach at the time. The above graph shows the precipitous drop in share price just after trading started Friday
‘I apologize to consumers and our business customers for the concern and frustration this causes. We pride ourselves on being a leader in managing and protecting data, and we are conducting a thorough review of our overall security operations.’
Equifax said it would work with American, British and Canadian regulators to determine appropriate next steps for customers affected in those countries, but added that it ‘found no evidence that personal information of consumers in any other country has been impacted.’
Equifax said it had established a website to enable consumers to determine if they are affected and would be offering free credit monitoring and identity theft protection to customers.
The company is the latest to announce a major breach.
Yahoo last year disclosed two separate cyber attacks which affected as many as one billion accounts.
More than 400 million accounts were affected by a breach disclosed last year at the hookup site Adult Friend Finder, and other firms affected in recent years included Heartland Payment Systems and retail giant Target.