By Jerry M. Hanley
At first, the executives at Equifax were only informed that ‘suspicious activity’ had occurred on one of their servers. The initial discovery occurred on July 30th according to testimony from Richard Smith, Equifax former CEO, who was fired shortly after news broke of the breach. But the credit monitoring company had no idea the severity of the incident until late August. The breach, which impacts an estimated 143 million consumers to date, has now garnered attention from The Federal Trade Commission as well as a powerful congressional committee, who have launched an investigation which has already revealed some troubling details. Within a few days of the initial report of ‘suspicious activity’, and despite allegedly being unaware of the true damage, the company coincidentally enlisted the services of King & Spalding, and its data security team.
The tip of the spear for Equifax in its fight against an ever-increasing horde of class action lawsuits, which is now around 70, is attorney Phyllis B. Sumner. A partner at King & Spalding’s Atlanta office, Sumner is known as an extremely heavy hitter, backed by an excellent team of very skilled lawyers which add to her clout. Last year she successfully defended the company in several suits within in which it had to defend attacks on its credit reporting practices, building a solid repour.
This behavior by itself wouldn’t be all that alarming. A large company taking such a precaution after even a minor incident would be expected, especially considering the sensitive nature of the information they keep on millions of individuals. However, in the month following the initial discovery, and before the company disclosed the breach to the public, John Gamble, Equifax Chief Financial Officer sold shares worth nearly $950,000. Joseph Loughran, Equifax president for information solutions within the United states sold stocks worth roughly $685,000, and Rodolfo Ploder, the president for workforce solutions sold stock worth more than $250,000, totaling almost $2 million all together. These events which would be completely innocent in and of themselves, raise major red flags when considered together.
Smith swore in his testimony that the executives who took part in those sales were completely unaware of even the reported ‘suspicious activity’, let alone a catastrophic information leak at the time the sales occurred, and even he had no idea how deep of a wound the hackers had inflicted at that time. The fact that Equifax stock plummeted more than 13% during after-hours trading immediately following the breach certainly doesn’t make the suspicious timing of the sales look any better. Hopefully as the investigation develops, more details will surface regarding the circumstances surrounding this new and different kind of ‘suspicious activity’
Student Bio: Jerry Hanley is a second-year law student at Suffolk University Law School, and a current Staff Member of The Journal of High Technology Law.
Disclaimer: The views expressed in this blog are the views of the author alone and do not represent the views of JHTL or Suffolk University Law School.