Senior Equifax Executive Problems—Trouble With the Law
As we predicted back in October, insider trading charges are now a part of the untangling of the web surrounding the 2017 Equifax data breach. The Equifax data breach check, now, includes a look at court dockets. Because a senior Equifax executive has landed in some rather hot water indeed.
Senior Equifax Executive Legal Matters—it’s Just the Tip of the Iceberg
According to the Boston Globe (and several other sources), former senior Equifax executive Jun Ying is facing both civil and criminal charges from the Securities and Exchange Commission and the United States Attorney’s Office for the Northern District of Georgia.
Note: the insider trading case, while it is venued in Georgia, is a separate matter from O’Dell Properties, LLC, O’Dell & O’Neal, P.C., Jellie Donuts, LLC, et. al. v. Equifax, Inc. (see: https://www.smallbusinessequifaxclass.com/). The O’Dell Properties matter is a class action alleging damages to several businesses due to last year’s data breach.
The Equifax Data Breach—a Case Study in What NOT to Do
As readers might recall, on September 7, 2017, the Associated Press reported the Equifax breach, which involved some 143 million Americans’ personal data, including Social Security numbers (that figure is now up to 148 million). A troubling detail: the hackers had access to files between the middle of May and July of 2017.
Apparently Equifax caught the breach on July the 29th but the company waited until September 7 to publicly announce it. After the announcement of the data breach, Equifax’s stock dropped 13%, to $124.10 in extensive trading.
The company quickly set up a web page where consumers could check to see if they were in that group. You could also sign up for credit monitoring but – surprise! The senior Equifax executive crowd didn’t want to give it away for free.
As you might expect, critics were none too kind.
The New Set of Senior Equifax Executive Problems
On October 12, 2017, Ars Technica reported that there were redirects on the site, which led to spammy sites (e. g. “You just won an iPhone!”) or to a download of Adobe which was anything but. Instead, the downloads were malicious. Symantec (they are the Norton people), Panda, and Webroot said they were malware.. Malwarebytes, Avira, and Eset also showed red flags, although for a different stage in the process.
After the recent debacle with the massive July 2017 data breach which was not reported until September, consumers should be cautious about their information online and their credit reports in particular. And not just with Equifax! Dun & Bradstreet, Experian, and TransUnion could potentially have future issues.
Recently, I provided instructions for how to set up a credit freeze due to the breach. Here are some additional steps you can take to protect yourself and your credit.
Learn How to Dispute Errors on Your Credit Reports. Then Senior Equifax Executive Data Breach Problems Won’t Matter Quite So Much to You
Just like any other calculation, sometimes your credit score is just plain incorrect. And that could be a more frequent occurrence in the face of the breach and later problems with Equifax. Hence you need to stay on top of your credit score. And check what’s going into it. If any charges are wrong (often as unpaid or as delinquent), then you can dispute these issues.
Disputes have to be in writing. And they should be specific as to which charge you are calling into question. You will need documentation as well. So enclose a copy of any sort of proof of payment, such as a receipt or a cancelled check. Retain the originals and only send copies.
For personal credit, you can get free reports with Annual Credit Report.com. This site covers your personal Experian, TransUnion, and Equifax reports.
You can order your business’s Equifax report here. If you need to dispute your or your company’s Equifax report, follow the instructions here.
If you need to dispute your personal Equifax report, go here.
Order your company’s Experian report here. You can dispute errors on your or your company’s Experian report by following the directions here. For disputing your personal credit report from Experian, go here.
You can get your business’s PAYDEX report here and you can contact their Customer Service department (it’s a part of Dun & Bradstreet, as they also generate PAYDEX reports) here. D & B’s PAYDEX Customer Service phone number is here.
TransUnion only reports on your personal credit score. Get your TransUnion report here. If you need to dispute your TransUnion personal credit report, then you can do so here.
This Senior Equifax Executive Stock Trading was not a One-Time Event
What is perhaps even more interesting is that Ying, the troubled credit reporting agency’s chief information officer for a United States division, was not the only executive dumping stock. Mr. Ying was under consideration for the CIO role when the company’s CIO quit. The company rescinded their offer once they learned of the trades.
Three other Equifax executives seem to have protected themselves. This was by selling shares with a combined value of $1.8 million on August 1 and 2. It was a mere few days after the July 29 discovery of the breach, per documents filed with securities regulators. However, the company claimed the executives did not know about the breach when they made their trades.
These executives are the Chief Financial Officer John Gamble; and Joseph Loughran, Equifax’s president of United States information solutions; plus Rodolfo Ploder, who is Equifax’s president of workforce solutions.
As for Mr. Ying, according to the SEC complaint, before the breach was public, he exercised all of his Equifax stock options. He thereby realized a profit of nearly $1 million. And he did not suffer over $117,000 in losses. Most telling were his internet searches before trading.
Per Ars Technica, Mr. Ying was searching for information on Experian’s stock prices after their own 2015 breach.
Equifax’s shakeup also included the retirement of two of its executives. They were the company’s Chief Security Officer, Susan Mauldin, and its Chief Information Officer, David Webb.
Senior Equifax Executive and the Senate Banking Committee—Former CEO in the Hot Seat
On October 4, 2017, Equifax’s former CEO, Richard Smith (his retirement was reported by the New York Times on September 26, 2017) testified in front of the Senate Banking Committee for about three hours. Questioning included if the company had notified consumers of the breach so they could take proactive steps to prevent consumer credit damage.
And it included how the credit bureau could (and should) have acted to prevent such a breach in the first place.
Note that the Board of Directors took the rare step of saying they could retroactively reclassify Smith as a firing for cause. Currently, Smith would receive over $18 million in pension benefits. Plus he holds $20.8 million in stock awards, plus $23.6 million in Equifax stock. A firing for cause would likely mean he would have to repay or forego some of that compensation.
If Smith is on the receiving end of a lawsuit and loses, the Board may very well vote to change its records and say they fired him for cause.
Equifax’s Initial Response to the Breach—a Stumble Out of the Gate for Every Senior Equifax Executive
As we also reported back in October, the company’s efforts at addressing the problem with online solutions were far from adequate. The credit reporting agency had issues with redirects and unclear instructions. Plus there was downright incorrect data. So consumers were understandably cautious .
Would you want to entrust your personal information to a company from which that same information was stolen? And would you want to do this, all in exchange for knowing for sure if your own information had been compromised?
As for how the Equifax data breach happened, Ars Technica reports no one installed a two-month old security patch. This patch was to fix a critical web application bug. Why was Equifax hacked? It was to get at their valuable private data on hundreds of millions of people, of course. And failing to install a patch was how the hackers were able to do just that.
Senior Equifax Executive Futures
Will there be more indictments? Or will Mr. Ying be the only senior Equifax executive in trouble? Will Mr. Smith or any other Equifax executives, both past and present, appear in front of the Senate or the House of Representatives? And after all of this, can anyone trust Equifax? Will Equifax survive?
Be sure to get a copy of your Equifax credit report. And get it for both for consumer and business credit. Check it over carefully. Dispute Equifax credit report errors that you find. Do so with copies of your receipts and as clear a letter as possible outlining the issues. And as always, protect your personal information as well as you can.
On February 10, 2020, the Boston Globe reported that Attorney General William Barr and the United States Justice Department were charging four members of China’s military on suspicion of the 2017 hack into Equifax. The Attorney General noted there have been any number of data theft by the Chinese military in recent years.
These thefts have been of sensitive information such as identifying American intelligence officers. Equifax’s financial data could be used to find out if any intelligence officers have money issues – and would thereby be subject to bribery or blackmail.
In February of 2022, the Federal Trade Commission announced a settlement. The settlement includes four years of free monitoring and free help recovering from identity theft.
We will continue to watch this one closely. So be sure to stay tuned.