The credit reporting agency Equifax announced a data breach Thursday that began in May and exposed the sensitive data—including the Social Security numbers, driver’s license numbers, birth dates, addresses, among other personal data—of 143 million Americans. Hackers were able to exploit an application on the company’s website to gain access to private information of American, British, and Canadian customers. The ratings agency said it discovered the intrusion on July 29th, but, according to the New York Times, the company says it “has since found no evidence of unauthorized activity on its main consumer or commercial credit reporting databases.”
Equifax is one of the three major consumer credit reporting agencies and has wide access to individuals’ financial records used to determine creditworthiness. The hack of the Atlanta-based company was not as large as recent breaches at Yahoo; in September 2016 Yahoo announced 500 million accounts were hacked years earlier and three months later disclosed a second breach in 2013 where more than one billion user accounts had been compromised. The sensitivity of the information exposed—which makes up the foundation of our online identity and could easily be manipulated to perpetrate identity fraud—makes the Equifax breach particularly worrisome. Experian, another leading credit rating agency, exposed the personal data of 15 million Americans in a 2015 hack.
Equifax said it is working with law enforcement and a cybersecurity firm to review its security measures, but the company waited a full 39 days to tell its customers they were newly susceptible to identity theft and a whole host of financial crimes. Three days after discovering the breach that would affect millions of customers however, while the company didn’t warn the public, three Equifax senior executives did sell $1.8 million in stock, according to Bloomberg.
Regulatory filings show that three days later, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 pre-scheduled trading plans.
“I apologize to consumers and our business customers for the concern and frustration this causes,” said Chairman and Chief Executive Officer, Richard F. Smith said in a statement published on the company’s Web site.