Equifax's Dumpster Fire: Class Action Suit Filed, Three Execs Sell $1.8M In Shares Before Cyberattack Disclosure
While there have been larger hacks that have taken place in recent years, none contained such critical information like names, birthdates and social security numbers; which could be a virtual goldmine for those looking to sell this information on the black market. In some instances, even drivers license numbers and credit card numbers were obtained.
Equifax has some provisions in place to “help” affected Americans, but there are some caveats that you must consider. For starters, you can go to equifaxsecurity2017.com, where you'll be asked to input your last name and the last six digits of your social security number. Once you submit that information, there's a very good change that you'll receive the following notification (as I did):
At that point, you are given the option to enroll in TrustedID Premier, which is the credit monitoring service that Equifax will provide free for one year to anyone that signs up. Unfortunately, if you are one of the over 143 million people that were affected, you can't immediately enroll in protective credit monitoring services. Instead, people aren't able to enroll until September 12th or 13th at the earliest.
However, there's one additional wrinkle to signing up for TrustID Premier. According to Equifax, signing up for the service (which is being provided due to Equifax's own screw-up) waives your right to participate in a class action lawsuit:
⑤ …which means WAIVING YOUR RIGHT to a class action or class arbitration!! Which is like… unimaginably evil??? (h/t @colindickey) pic.twitter.com/G0hrY9M6xl
— Cabel Sasser (@cabel) September 8, 2017
Speaking of class action lawsuits, one has already been filed in an Oregon federal court, just hours after news of the breach was made public. The lawsuit was filed on behalf of Mary McHill and Brook Reinhard, and seeks "fair compensation" for class members.
"In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard's information from unauthorized access by hackers," wrote attorney Michael Fuller in the complaint. "Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach."
As if all this wasn't trouble enough for Equifax, it appears that there was some extreme shadiness going on involving some of its executives after the breach was first discovered internally. Three Equifax executives -- CFO John Gamble Jr., Workforce Solutions President Rodolfo Ploder and U.S. Information Solutions President Joseph Loughran -- sold $1.8 million shares in the company on August 1st and August 2nd, just days after the company realized the scope of the intrusion (July 29th).
The sale had not previously been scheduled, however, an Equifax spokesperson says that the executives “sold a small percentage of their Equifax shares" and "had no knowledge that an intrusion had occurred at the time they sold their shares".
Given the scope of this information dump, it's likely that this trio will be put through the ringer in the coming days, weeks and months.
Top image courtesy GotCredit/flickr