Credit reporting agency Equifax is now the subject of several federal criminal probes due in part to suspicions of insider trading stemming from the company’s multiple security breaches. As more information about the breach has surfaced this past week, the story has continually moved further into the surreal.
Equifax originally claimed that the breach occurred (conveniently) immediately after several company directors and the CFO dumped stock worth approximately $1.8 million but recent reports have confirmed that the breach occurred early as March of this year. The security breach accessed 143 million people’s names, Social Security numbers, birth dates, addresses, driver’s license numbers, and credit card numbers. Equifax denied that the directors and CFO had any insider knowledge about the breach when the stock sales occurred. Several of those directors have since resigned from their positions.
Bloomberg reports that the US Department of Justice (DOJ) has now opened a criminal investigation into these stock sales. According to Bloomberg, Equifax CFO John Gamble, President of US Information Solutions Joseph Loughran, and President of Workforce Solutions Rodolfo Ploder sold nearly $1.8 million in stock just after the company discovered the breach and about a month before it was publicly announced. The Securities and Exchange Commission (SEC) is also investigating the sales in its insider-trading probe. The DOJ investigation will work alongside the SEC's and will be headed by US prosecutors in Atlanta, say Bloomberg's sources. Those agencies are joined by the Federal Trade Commission (FTC), which is also looking into the breach.
According to the Los Angeles Times, several Republican lawmakers are currently backing legislation to deregulate credit agencies to make them less accountable for wrongdoing. Bills are pending in Congress to limit class-action damages for violations of the Fair Credit Reporting Act and to give credit agencies more latitude in profiting from identity theft protection products. The legislation is part of the sweeping efforts by Republican lawmakers to reduce oversight of banks and other financial-services firms, and to eliminate the Consumer Financial Protection Bureau.
A group of Democrats have introduced a bill, the Freedom from Equifax Exploitation Act, that would require credit agencies to allow people to freeze and unfreeze their files at no cost, and that calls upon the CFPB to play a greater role in overseeing the companies.
In a truly Kafkaesque moment, Equifax was caught this week directing users of its website concerned about the security breaches to a spam phishing site, instead of the website it had set up originally. The fake website was set up by a computer programer to expose just how poorly Equifax had handled the crisis. Even worse, reports are coming in this week that Equifax had used admin/admin as the log in credentials to its administrator accounts.
The security breaches, coupled with Equifax's terrible mismanagement of the crises, has exposed the personal identifying information for millions of Americans. Proactive steps are needed to protect yourself and your business interests from further exposure. I recommend, at a bare minimum, freezing your credit with the other major Credit Reporting Agencies and ordering your credit report every quarter or biannually instead of annually for the foreseeable future.