Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security Businesses Crime Privacy The Almighty Buck

Equifax Investigation Clears Execs Who Dumped Stock Before Hack Announcement (gizmodo.com) 155

An anonymous reader quotes a report from Gizmodo: Equifax discovered on July 29th that it had been hacked, losing the Social Security numbers and other personal information of 143 million Americans -- and then just a few days later, several of its executives sold stock worth a total of nearly $1.8 million. When the hack was publicly announced in September, Equifax's stock promptly tanked, which made the trades look very, very sketchy. At the time, Equifax claimed that its executives had no idea about the massive data breach when they sold their stock. Today, the credit reporting company released further details about its internal investigation that cleared all four executives of any wrongdoing.

The report, prepared by a board-appointed special committee, concludes that "none of the four executives had knowledge of the incident when their trades were made, that preclearance for the four trades was appropriately obtained, that each of the four trades at issue comported with Company policy, and that none of the four executives engaged in insider trading." The committee says it reviewed 55,000 documents to reach its conclusions, including emails and text messages, and conducted 62 in-person interviews. "The review was designed to pinpoint the date on which each of the four senior officers first learned of the security investigation that uncovered the breach and to determine whether any of those officers was informed of or otherwise learned of the security investigation before his trades were executed," the report states.

This discussion has been archived. No new comments can be posted.

Equifax Investigation Clears Execs Who Dumped Stock Before Hack Announcement

Comments Filter:
  • yeah... (Score:5, Insightful)

    by Anonymous Coward on Friday November 03, 2017 @10:33PM (#55487501)

    ...right

    • Re:yeah... (Score:5, Insightful)

      by interkin3tic ( 1469267 ) on Friday November 03, 2017 @10:42PM (#55487531)
      Is there any way to find out how frequently execs sell their own stock and how much? Seems like you could prove whether or not its abnormal for execs to sell this amount in the period in which the company knew it had been hacked.
      • by jrumney ( 197329 )
        Trades by C level execs should all be listed in the public SEC filings [nasdaq.com]. Presumably that is how this became news in the first place.
        • Best practice would be for all potential insider traders (including Congress) to be forced to announce their trades (and place the orders) at least one full business day before the orders execute. No, they can't cancel or change their order if the market shifts in the meantime.
          • by jrumney ( 197329 )
            I thought actual practice was 2 or 3 weeks notice, but those SEC filings seem to be announcing trades that already took place after the fact, so it may not be public notice, or the rules changed in the past few years.
            • Re:yeah... (Score:5, Informative)

              by ShanghaiBill ( 739463 ) on Saturday November 04, 2017 @01:42AM (#55487909)

              The rules have not changed, but they are complicated. Sales of restricted stock must be pre-announced. Sales of unrestricted stock only have to be announced after the sale.

              There are proposals to require pre-announcements of all sales by people presumed to have insider info.

              • At which point, their barbers and second cousins and such will become very good at stock market timing -- for a very very narrow set of stocks.

                And will somehow feel an urge to give tens of thousands of dollars to their C-suite acquaintance/relative/whatever.

                That might be a bit obvious. Maybe something a bit more subtle, like returning the favor, or another one of similar value, at some future date.

          • By announcing this publicly the market WILL shift and typically down. It never looks good when the top managers drop a lot of stock at once. The much better way is to make it illegal for anyone in Congress or C level management of a publicly traded company to own any stock. Keeps them honest and forces the companies to pay them fully taxable salaries rather than company stock where gains are taxed much lower.
            • by Anonymous Coward

              Then they form a shell corporation which purchases the stock on their behalf. There's so many loopholes that these types of laws are unenforceable.

              What needs to happen is that the majority of people have to realize that this game is completely rigged, and pull out of it. A massive shakeout of the corrupt actors is required to start fresh where some trust can be placed back int the system.

            • by Anonymous Coward

              The government needs to not be in how people buy/sell stock in any way, shape, or form. You can see the poisonous taint of socialism, pure and simple. Thankfully, the wise men of Congress are removing this from our government slowly, but surely, be it far better tax laws in front of Congress, to letting the engines of economic growth do what they do best without the burden of excessive taxation.

              If they have stock, it is their right to sell it at any time. If the security breach was known about privately,

            • by geoskd ( 321194 )

              The much better way is to make it illegal for anyone in Congress or C level management of a publicly traded company to own any stock. Keeps them honest and forces the companies to pay them fully taxable salaries rather than company stock where gains are taxed much lower. Flag as Inappropriate

              How does that work for a founder of the company? Presumably one of the founders is going to own stock, and if the founders of the company can't be in leadership positions, the company will never get off the ground...

      • Re: yeah... (Score:5, Informative)

        by Anonymous Coward on Friday November 03, 2017 @11:31PM (#55487653)

        At least one requested approval a day before the hack. Those ones should be cleared immediately for obvious reasons.

        Equifax only allows executives to sell shares during certain windows. The window in question started 7/28. The hack was found 7/29. This is adequate to explain the rush of sales by executives.

        The sales were all less than 10% of what these guys held (VP of investor relations percentage is not specified).

        It's not impossible that this was shady, but it's also plausible that it was not.

        https://investor.equifax.com/news-and-events/news/2017/11-03-2017-124511096

        • Re: yeah... (Score:5, Interesting)

          by Anonymous Coward on Saturday November 04, 2017 @06:28AM (#55488333)

          Pff I wouldn't clear the President of Information Solutions for that. He was in the direct line of command here. He would've had the ability to uncover the breach before it was initially reported. He could easily have been informed by a nervous technician, unofficially, because who would report this sort of thing by official channels when the news is this bad?

          So yeah, he learns there's some anomalies in the logs. Suspects there's been a breach. Gets approval for stock sale because hey, no one knows yet. Then he triggers an official review. Keep in mind *something* triggered the discovery of the breach. It sure as hell wasn't a routine action that uncovered it, given initial intrusions were done in March and it was only "discovered" July 29.

          Now he's got his alibi. He couldn't possibly have known through any channels because no emails were sent and he got approval before there was any reason to believe there was anything wrong, right? And just to be safe, he isn't informed officially of the breach until August 10. A president-level executive. How could there possibly be any wrongdoing?

          The most dubious part of this isn't that the stock was sold just before/after the breach was detected, btw. It's that executives weren't informed until 4 weeks after the breach was detected, and even the President of Information Systems wasn't informed until 12 days later.

          • So yeah, he learns there's some anomalies in the logs. Suspects there's been a breach. Gets approval for stock sale because hey, no one knows yet. Then he triggers an official review. Keep in mind *something* triggered the discovery of the breach. It sure as hell wasn't a routine action that uncovered it, given initial intrusions were done in March and it was only "discovered" July 29.

            Reminds me of the argument that we do not really have free will. Typically, we are conscious of acts being acts of free will, or rather, we believe that they are. Yet before the act itself, the brain had accumulated the data and processed it, coming to certain beliefs. Then the action occurs.

            Example, I see a jar of pickles. I make the free choice to unscrew the lid, thereby opening the jar and having access to the pickles. If I was a caveman, I might be making the free choice to whack open the jar with a sm

        • One requested clearance the day before the hack was CONFIRMED.

          The hack itself was quite a while before that and confirmation follows suspicion. One needs to know if those suspicions had been communicated in any form to the people involved.

          As someone pointed out elsewhere, this is execs clearing execs. It doesn't mean the SEC won't investigate and decide otherwise.

           

        • The title for the story should be "Equifax Execs Absolve Themselves of any Wrongdoing". They set up the inquiry, of course it's going to find they did nothing wrong, that was the whole point of having it.
      • Is there any way to find out how frequently execs sell their own stock and how much?

        Here's a list [openinsider.com].

    • Re:yeah... (Score:5, Insightful)

      by SumDog ( 466607 ) on Saturday November 04, 2017 @12:11AM (#55487733) Homepage Journal

      No one executive from the 2008 financial collapse is in prison. 1% of Americans are in prison, more than any other country in the world.

      This is why your vote doesn't matter in America. The people don't dictate policies. The top 1% do. Everything else is a puppet show.

      • by Anonymous Coward

        There are some things that are shit in America, including your defeatist attitude. Not voting or thinking that your vote does not matter, is not a solution. Lets assume (for the duration of this post) that the voting machines were not hacked. 80,000 votes was the diffrence between HRC & Trump being president (Link below). 80,000...

        https://www.washingtonpost.com/news/the-fix/wp/2016/12/01/donald-trump-will-be-president-thanks-to-80000-people-in-three-states/?utm_term=.048fcfb633d6

    • And now an external investigation please, because, come on now, after all we are all friends... right?
    • I don't now why you're modded funny instead of obvious.

      There is no way you're going to convince me the stock sale had nothing to do with this.

      Even if there is evidence that they were planning to sell the stock before the "hack" was known I would still think they knew about the data breach before they admitted that they did.

      And that's BEFORE I even put my tin-foil hat on which suggests to me a whole host of other conspiracies some of which includes the idea that they intentionally leaked the data. That may

    • An internal investigation overseen by the jerks who are subject to that investigation. Take everything the managers own, throw them in jail, and close that entire company down. Any proceeds from sales of goods is to be distributed to the victims....without lawyers getting a huge cut as is the case in the class action suits.
  • Duh (Score:5, Insightful)

    by Anonymous Coward on Friday November 03, 2017 @10:33PM (#55487503)

    Equifax finds Equifax not guilty.

    • ... if these executives will be able to clear their records of these events in the Experian and TransUnion databases.

    • Well, if they really found themselves not guilty they wouldn't have even said they were hacked. Hacked? Us? Of course not because such an occurrence would mean we were fallible.

      Meta thought

      Equifax sits in judgment of ALL. Who is a good creditor? Ask Equifax.

      On the one hand, that makes Equifax a big target, and they probably beat off hackers with a stick.

      But Equifax is fallible

  • by ChoGGi ( 522069 ) <slashdot@choggi.org> on Friday November 03, 2017 @10:37PM (#55487515) Homepage

    Clears Execs (not like anyone expected anything different).

    So these supposedly important members of the company weren't (officially) notified or found out about this July 29th hack till August 10th?
    I assume they were notified of the previous March hack, and how it had yet to be disclosed?

  • No harm, no foul (Score:5, Insightful)

    by PopeRatzo ( 965947 ) on Friday November 03, 2017 @10:53PM (#55487547) Journal

    The internal investigation by Equifax cleared the Equifax executives of any wrongdoing when they sold their stock in Equifax just before the story about how Equifax was so sloppy with the personal data of millions of people who aren't even customers of Equifax that hackers were able to get all of it.

    Well, I guess that settles it. Surely, if there was wrongdoing, the internal investigation by Equifax would have found it and brought the wrongdoers to justice.

    Now watch me hit this drive...See that? Right in the middle of the fairway.

  • by Anonymous Coward

    "We have investigated ourselves and have found no evidence of any wrongdoing."

  • by Roger W Moore ( 538166 ) on Friday November 03, 2017 @11:12PM (#55487597) Journal
    These investigators were hired by the same board that hired a team of executives who had no clue about computer security and apparently had no idea that one of the largest failures of computer security ever had occurred several days earlier. With that sort of hiring record, I'm not sure I'd trust anyone they hired.
    • These investigators were hired by the same board that hired a team of executives who had no clue about computer security and apparently had no idea that one of the largest failures of computer security ever had occurred several days earlier. With that sort of hiring record, I'm not sure I'd trust anyone they hired.

      Trust? What the hell makes you think this has to do with trust?

      To give you an idea of just how fucked up the system really is, the board members are going to get rewarded for this, which is exactly why the only acceptable result was the fabricated bullshit we're seeing. The board investigated and found executives to be not guilty, and thus of the highest caliber, affirming an excellent capability to select only the best personnel to run a company. Golden resume fodder right there.

      Executives had no idea o

      • What fucking CIO wants to be kept in the dark about something like that?

        One that would like a chance to offload some shares before they tank?

        • What fucking CIO wants to be kept in the dark about something like that?

          One that would like a chance to offload some shares before they tank?

          Exactly. And yet the investigation results amounted to nothing more than a Jedi mind trick, which will most likely be accepted by other equally corrupt regulatory agencies doing subsequent investigations.

          Don't even know why we maintain moral and ethical regulations in business anymore. Not like anyone actually enforces them.

  • Shocked! (Score:2, Insightful)

    by Anonymous Coward

    "Internal investigation" by "board-appointed special committee" (how do I fit more quotes around that?).

    I, for one, am shocked they they found no wrong doing!

    • by ACE209 ( 1067276 )
      I think its not the number but the placement of quotes.
      More like:
      internal "investigation" by board-appointed "special" comittee.
  • It's not as if any crimes were committed. Oh, wait...
  • Deregulation (Score:5, Insightful)

    by Waccoon ( 1186667 ) on Friday November 03, 2017 @11:30PM (#55487649)

    Any time someone says the free market can police itself, refer them to situations like this.

    • Only idiots and liberals making straw man arguments say that. The question has always been enough regulation and oversight to keep businesses honest but not too much that you stifle industry and growth.

    • Any time someone says the free market can police itself, refer them to situations like this.

      ... and then they will correctly point out that this is not a free market. Free markets have information transparency, and sales based on insider trading are inherently asymmetric.

      Here is the official Libertarian view on insider trading: It should not be a crime. Instead, individual companies should have policies and employment contracts restricting what insiders can do. Those companies that refrain from restricting insider trading will find their stock trading at a discount, and will pay more for capit

      • by johnnys ( 592333 )

        The golden calf named "information transparency" is exactly why "libertarianism" can never work.

        "Information transparency" is a ideal state which can never be achieved, since there will ALWAYS be a person or group who can benefit by manipulating, obfuscating or hiding information and will do so.

        Look at the efforts by Russia to influence elections around the world using social media: The original idea of social media was to allow people to freely communicate and share information for their own benefit, while

    • Why, it worked, didn't it?
      The matter was investigated, no wrong doing found.
      Case closed. ...No?
  • So they "reviewed" 55,000 documents. At just one minute per document, that works out to about 920 man hours of work just to look at them all, much less to understand them.

    And yeah, I'm going to trust the "internal review" of a company that has already proved it has a corporate culture as trustworthy and reliable as Kevin Spacey in a roomful of naked teenage boys.

  • To be fair (Score:5, Insightful)

    by aldousd666 ( 640240 ) on Friday November 03, 2017 @11:50PM (#55487693) Journal
    big companies that reward their executives with stock, or large numbers of options, usually put restrictions on the sale as part of the contract. For example, the most common contract is that they can sell their stock, but only on a 6-month schedule. So they had to have it scheduled for sale at least 6 months ahead of time. I have no knowledge of Equifax in particular, but this is SOP. It would raise a shit ton of eyebrows if not. And, if it's only just a little over a million bucks, that sounds to me like they had it scheduled. Because, if they were playing the inside they'd have made a shit-ton more than that between them.
    • Re:To be fair (Score:4, Insightful)

      by geekmux ( 1040042 ) on Saturday November 04, 2017 @04:28AM (#55488145)

      big companies that reward their executives with stock, or large numbers of options, usually put restrictions on the sale as part of the contract. For example, the most common contract is that they can sell their stock, but only on a 6-month schedule. So they had to have it scheduled for sale at least 6 months ahead of time. I have no knowledge of Equifax in particular, but this is SOP. It would raise a shit ton of eyebrows if not. And, if it's only just a little over a million bucks, that sounds to me like they had it scheduled. Because, if they were playing the inside they'd have made a shit-ton more than that between them.

      And is it also SOP for the board of the company being investigated to be in charge of the investigation? To be fair, that is what reeks of the most bullshit here.

      Well that, and the fact that executives are playing dumb to not knowing about the largest breach in company history for days. Either they're corrupt and knew about the breach, or they're incompetent for holding a keep-me-in-the-dark policy regarding cyberattacks. Which is it?

    • by Pollux ( 102520 ) <<ge.ten.atadet> <ta> <reteps>> on Saturday November 04, 2017 @07:06AM (#55488423) Journal

      It needs to stop.

      About 8 years ago, I read a book called "The Battle for the Soul of Capitalism" [amazon.com], by John Bogle, founder of Vanguard. In one of his chapters, he makes a case for ending executive stock-option compensation. The original intentions of stock-option compensation were to provide executives an incentive to perform well; as Bogle puts it, "align management's interests with those of shareholders".

      But Bogle went on to explain a key difference between executives and shareholders. Executive interests are short-term, while shareholders are invested long-term. Most individuals still invest long-term, and a substantial percentage of the stock market is locked away in retirement 401k's / 403b's, or in pension account investments. That money's not going anywhere anytime soon. But executives want their salaries as big as possible, as soon as possible. So, rather than executives making business decisions with long-term interests in mind, they selfishly make business decisions that maximize short-term values with little interest in how those decisions will affect the value of the company beyond the sell date of their stock compensation, 401k's be damned.

      And that's why we need to end stock-option compensation.

      • by trawg ( 308495 )

        Interesting! Book sounds cool, added to my "hopefully I'll have time to read this one day" list.

        The point totally makes sense, but isn't it an easy fix to tie stock option compensation to long term performance? Just make it so the shares don't vest for five years or more so the short-term incentive to pump and dump is removed?

    • the most common contract is that they can sell their stock, but only on a 6-month schedule

      Yes, and many companies also have auto-buys and auto-sells for senior executives. They have no choice. This is designed to put the fire under their ass. If your stock will auto sell 1 million shares after the earnings call, it best be a good quarter! ;-)

  • by LeftCoastThinker ( 4697521 ) on Friday November 03, 2017 @11:53PM (#55487699)

    Nice try Equifax, but I will wait for the findings and recommendations of the federal investigators, not some stooges you hired to put out what amounts to a PR statement.

    • by SumDog ( 466607 )

      I doubt that anything will come of that either. Is anyone from the 2008 financial collapse in jail? No, of course not. There is a different standard of justice for the 1%, because they control everything.

      • People get put in jail for insider trading all the time. The problem is what looks like insider trading often isn't more than pure co-incidence. E.g. they sold stocks the day before the announcement? Have you tried selling company stock options before? With the restrictions in place they likely had been working on this sale for months, or it was scheduled as part of the standard remuneration vesting.

  • by mysidia ( 191772 ) on Saturday November 04, 2017 @12:06AM (#55487725)

    How about if you are an executive, then for every quarter you Pre-Enter a Sell Order assuming something bad will happen.... If you don't learn of anything catastrophic happening, then cancel or modify your sell order before it occurs and/or before it has to be reported.

    Any investigation will basically always show you knew nothing about what the bad thing was at the time you created the order ----- Because it's what you knew when you failed to cancel your order as otherwise intended that matters.

    • by Kjella ( 173770 )

      Can you do that? I mean selling when you know something bad happened and not selling when you know something good happened sounds like two sides of the exact same coin. I thought the entire point of the SEC filings was to say in advance that you've committed to selling stock to reduce speculation that the sale is due to undisclosed numbers or breaking events. Obviously if a crisis has been long in the making like this it doesn't always help, but it's only supposed to be a speed bump not a full protection ag

      • by mysidia ( 191772 )

        Can you do that? I mean selling when you know something bad happened and not selling when you know something good happened sounds like two sides of the exact same coin.

        I don't know.... It would still be insider trading, BUT impossible for an investigation that makes certain assumptions to prove.

        That's the the thing with trades is they can be cancelled at the last second. The decision to actually cancel is likely to be met with less scrutiny, although a long pattern of cancelling orders might cause s

  • by Anonymous Coward

    Does this come as a surprise?

  • by blind biker ( 1066130 ) on Saturday November 04, 2017 @05:12AM (#55488195) Journal

    So the Equifax board, composed of people who play golf with and has hired these execs, has cleared the execs of wrongdoing? What a fucking surprise.

    In a better world, both the execs, the board, and the committee they appointed, would be chilling in the slammer right now.

  • by Anonymous Coward

    Last time I checked a company cannot clear someone of criminal wrong doing. These execs need to be looked at by the Justice department.

    Nice try Equifax.

    • Last time I checked a company cannot clear someone of criminal wrong doing. These execs need to be looked at by the Justice department.

      The Feds are part of the problem as they (both parties) are more corrupt than who you're asking them to prosecute. If you have enough wealth & power then what happens is along the lines of what we've seen occur in recent history

      "...found no criminal intent..."..."no reasonable prosecutor would...bring charges..."

      Since government touches almost everything, a corrupt government means corruption everywhere.

      Strat

  • by SlaveToTheGrind ( 546262 ) on Saturday November 04, 2017 @08:31AM (#55488643)

    As I said at the time [slashdot.org], the amounts of stock the three execs sold in this particular date range were small percentages of their overall holdings and less than amounts they sold earlier in the year (and, I suspect if someone were to take the time to look, the prior year as well, etc.) If they really were trying to liquidate their holdings in response to bad news, they did a pretty poor job of it.

    And look at it this way: if they really did know about the breach, they would have well understood that selling into that bad news would have triggered exactly the reaction it did, creating a huge amount of both civil and criminal risk in exchange for what was for them a fairly small amount of money.

    I know conspiracy theories are fun, but I'm holding out hope for a thoughtful response this time.

  • ... and found we have done nothing wrong.

  • Oh phew at least they acted legally says their own internal investigation.

    I burnt the house down then tried to incriminate the neighbour but hey my own investigation team says i am not guilty of the latter. Lets try and forget the house burning incident too ;-)

    Poor Americans, this is like most of you are enrolled in an anti-lottery. That means if you win some criminal chose your identity to conduct fraud.

    If USA had a real government department to enforce this stuff they would have shut down equifax immediat

  • Load of crap?
  • I have a fine vacation property west of Miami that you'll love. And I'm willing to part with it for a price that's practically a steal. In fact, I'll handle all of the work for you. Just post your checking account and routing transit numbers here and I'll handle the money transfer myself. I'll also need your DOB and SSN to properly change ownership of the property, and your home address so I can mail the deed to you. Don't miss this opportunity! You'll love it! Be the envy of your friends and family

  • "The report, prepared by a board-appointed special committee"

    That whole asking the " fox to guard the hen house " thing comes to mind.

    No wrong doing found here. No sir. Nothing to see, move along.

  • An investigation performed by a skulk of foxes into the mysterious deaths of five chickens in a nearby coop revealed no obvious cause and that reports of chicken feathers found in piles of fox poop near the scene were fake news.

  • EQUIFAX: We have investigated ourselves, and found that we have done nothing wrong.

    SEC: Cool. As you were.

  • Let us expand the scope of the criminal investigation by outside law enforcement agencies to include this investigation too. Let us check how diligent these investigators were, what documents these guys chose not to see, and see what this investigation did not know, and when they did not know it.

    Further let us also investigate why the top officials were not informed of important security issues. Also let us investigate the board for paying such salaries and compensation with no requirement to know, with n

  • Glad that's all cleared up then.

"Marriage is low down, but you spend the rest of your life paying for it." -- Baskins

Working...