Equifax Inc. told the U.S. House of Representatives in a letter made public on Friday that its board of directors formed a special committee to review stock sales by company executives weeks before the credit-reporting service disclosed a massive data breach.
Three senior executives including the company's chief financial officer sold $1.8 million US in shares three days after the company learned on July 29 hackers had breached personal data for up to 143 million Americans.
Equifax announced the breach publicly more than a month later, on Sept. 7. The news sparked public outcry, government investigations, a sharp drop in its share price and a management shake-up.
- Equifax to offer free locking of credit files for life — unless you're Canadian
- 100,000 Canadian victims: What we know about the Equifax breach — and what we don't
Equifax lawyer Theodore Hester said in a letter dated Thursday to members of Congress announcing the review that the company "takes these matters seriously" and has retained lawyers.
In response to questions about whether the stock sales violated insider trading laws, Equifax has said the executives did not know about the breach when making their sales, which were not prearranged. The company did not immediately comment Friday.
According to regulatory filings, chief financial officer John W. Gamble Jr sold shares on Aug. 1 for $946,000 US, while Joseph Loughran III, president of U.S. information solutions, sold $584,000 US in stock on the same day. Rodolfo Ploder, president of Equifax's workforce solutions business, sold $250,000 US worth of stock on Aug. 2.
Equifax stock fell 38 cents to close at $105.99 US on Friday. The issue is down more than 25 per cent from early September.
The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.
Earlier this week, the Atlanta-based company said chief executive Richard Smith would leave and forgo this year's bonus.
Congressional committees plan hearings next week with Smith.
Equifax said in a regulatory filing that it might claw back some of Smith's compensation for this year, depending on results of the board's investigation into the breach, which the company has said occurred between mid-May and July.
The breach has already prompted the departures of Equifax's chief information officer and chief security officer.
The hack, among the largest ever recorded, was especially alarming due to the richness of the information exposed, which included names, birthdays, addresses and Social Security and driver's licence numbers, cyber researchers said.