Skip to main content
close search
site logo
Dive Brief

Equifax data breach impacts 143M customers, execs sell shares days before disclosure

Published Sept. 8, 2017
By
and
Dollar Photo Club

Dive Brief:

  • Consumer credit reporting firm Equifax announced Thursday it suffered a data breach, after attackers gained system access by exploiting a website application vulnerability. Equifax discovered the breach on July 29 and, following an investigation, found the unauthorized access occurred from Mid-May through July. This is the third cyberattack on the credit reporting agency since 2015 and one largest of personally sensitive information, according to a New York Times report

  • The breach affected approximately 143 million U.S. consumers, compromising 209,000 credit-card numbers, 182,000 personally identifying dispute documents and an unknown number of birth dates, addresses and Social Security and driver’s license numbers, according to the announcement. 

  • Days before the hack was made public, three company senior executives — including the CFO — sold a total of $1.8 million worth of company shares, according to Bloomberg. Equifax claims the trio had not been made aware of the breach on company data. Company shares dropped 13% after news of the intrusion broke.

Dive Insight:

Cybersecurity is a huge priority for businesses, especially as the scale of attacks continues to grow. The Nyetya cyberattack cost Maersk $300 million in lost revenue, and "WannaCry" ransomware hit 200,000 targets in 150 countries; the largest hacks of 2016 crippled many organizations.

If a cybersecurity risk has the potential to affect investors, U.S. Securities and Exchange Commission (SEC) requires companies to disclose information about it immediately. This July, the SEC issued a filing to investigate Yahoo timing of breach disclosures. Whereas Equifax took just over a month to publicly disclose the breach, Yahoo took years. 

Equifax was quick to set up credit monitoring and create a portal for potentially impacted consumers. But that does not lessen the impact of the data breach, which exposed very sensitive personal and financial information. The potential combination of compromised driver's license and social security numbers could serve as a hotbed for identity theft. 

Equifax CEO Richard Smith was quick to recognize the company must do more for security, promising it has already worked to increase investments. But the reality is major breaches can be career-ending for executives, especially if not handled properly. 

Executives selling shares just prior to the data breach revelation is particularly questionable. Cyberattacks impact companies' bottom line, and trading around the time of disclosure looks suspicious. Organizations are sure to continue suffering data breaches, but many need to learn how to better handle the crises. Transparency, quick disclosure and response are best ways for companies to uphold their reputation. 

Recommended Reading

Filed Under: Security

Editors' picks

Company Announcements

View all | Post a press release
New Research Reveals AI's Impact on IT's Power, Status, and Pay
From 1E
November 21, 2024
PointFive is Apparently the Hottest Cloud Startup, Here is Why
From Jordan Mitchell
November 21, 2024
Newgen and Fadata Join Forces to Optimize Insurance Content Management
From Newgen Software
November 13, 2024
Graphiant Predicts Transformative Changes in Enterprise Connectivity and Data Assurance for 20…
From Graphiant
November 20, 2024
Editors' picks
Latest in Security
image/svg+xml
Industry Dive is an Informa business
© 2024 Industry Dive. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell