The U.S. Justice Department has opened a criminal investigation into whether top officials at Equifax Inc. violated insider trading laws when they sold stock before the company disclosed that it had been hacked, according to people familiar with the investigation.
U.S. prosecutors in Atlanta, who are looking into the share sales, said in a statement they are also examining the breach and theft of people's personal information in conjunction with the Federal Bureau of Investigation. The Securities and Exchange Commission is working with prosecutors on the investigation into stock sales, according to another person familiar with the matter.
The federal investigations add a serious challenge to Equifax as lawmakers, state attorneys general and regulators scrutinize the breach that may have compromised the privacy of 143 million U.S. consumers.
Equifax shares were little changed Monday. The shares have fallen 35 percent since the breach was disclosed after market close in New York on Sept. 7. The shares rose $1.40, or 1.5 percent, to close Monday at $94.38.
Investigators are looking at the stock sales by Equifax's chief financial officer, John Gamble; its president of U.S. information solutions, Joseph Loughran; and its president of workforce solutions, Rodolfo Ploder, said two of the people, who asked not to be named because the investigation is confidential.
The company and the executives didn't respond to requests for comment.
Equifax disclosed earlier this month that it discovered a security breach on July 29. The three executives sold shares worth almost $1.8 million in early August. The company has said the managers didn't know of the breach at the time they sold the shares.
Regulatory filings don't show that the transactions were part of pre-scheduled trading plans.
To run afoul of laws that prohibit insider trading, a seller has to be aware of nonpublic information, said Stephen Crimmins, a former enforcement lawyer for the Securities and Exchange Commission.
The inquiry will be handled by the U.S. attorney's office in Atlanta, where the credit firm's headquarters is located, said one of the people. A spokesman for the U.S. attorney's office in Atlanta declined to comment on the investigation into share sales, but confirmed an inquiry into events surrounding the hack.
"The U.S. Attorney's Office for the Northern District of Georgia is working with the FBI to conduct a criminal investigation into the Equifax breach and resulting theft of personal information," said U.S. Attorney John Horn in a statement.
The SEC, in its preliminary investigation, is looking into what executives knew and when about the data breach, according to the person familiar with that matter.
More than one third of U.S. senators have called on the Securities and Exchange Commission, in addition to the Justice Department, to investigate Equifax.
Separately, state and federal regulators and law enforcers are scrutinizing the company's data security practices and its response to the breach. The Federal Trade Commission and a Congressional committee with subpoena power last week joined the growing number of bodies scrutinizing the cyber attack.
New York Gov. Andrew Cuomo on Monday proposed tougher state regulations for credit reporting agencies in the wake of the hacking.
The Democrat announced that he has directed the state Department of Financial Services to issue new regulations requiring credit reporting agencies to register in New York for the first time and to comply with the state's cybersecurity standards.
The proposal, first reported Monday by The New York Times, would require Equifax, Experian and similar firms to adhere to the same consumer protection rules the state imposes on banks and insurance companies.
Cuomo said consumer credit reporting agencies operating in New York will be required to register annually with Department of Financial Services by Feb. 1, 2018, and by Feb. 1 of each year afterward. The DFS superintendent will have the authority to deny or revoke an agency's authorization to do business with New York consumers and state-regulated financial institutions if a firm fails to comply with regulations, the governor said.
"The Equifax breach was a wake-up call, and with this action New York is raising the bar for consumer protections that we hope will be replicated across the nation," Cuomo said.
Equifax announced late Friday that its chief information officer and chief security officer had left the company.
Equifax said that Susan Mauldin, who had been the top security officer, and David Webb, the chief technology officer, retired. Mauldin, a college music major, had come under media scrutiny for her qualifications in security. Equifax did not say in its statement what retirement packages the executives would receive.
Information for this article was contributed by Tom Schoenberg, Anders Melin, Matt Robinson and Elizabeth Dexheimer of Bloomberg News and by Ken Sweet of the Associated Press.
A Section on 09/19/2017