Equifax said the hackers breached the company's system between mid-May and July by "exploit [ing] a U.S. Web application vulnerability to gain access to certain files", with Equifax discovering the hack on July 29 (deciding to not go public with the information until more than a month later).
The shares that were sold total nearly $1.8 million and the stock dump took place in the days following the discovery of the security breach but prior to the company announcing the hack.
Richard Smith, chief executive of Equifax, said that the breach - which is one of the largest ever reported in the U.S. - was, er, "disappointing".
Richard F. Smith, Equifax chairman and chief executive, said: "This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do".
Equifax is offering everyone free credit monitoring for a year, whether they were affected or not, which is a good place to start. Much better techniques exist to identify and safeguard sensitive information online, she says. Some have noted that the domain name Equifax registered for people to check on their data should have been a subdomain of Equifax's pre-existing site, rather than something that could appear to have been registered by hackers impersonating Equifax. They are focusing on consumer's protection right now.
Gamble sold shares worth $946,374, US information solutions president Joseph Loughran sold shares worth $584,099, and workforce solutions president Rodolfo Ploder sold shares worth $250,458, according to regulatory filings. Three days after the incident, three managers sold part of their shares. Many consumers, and some experts are not happy about having to provide personal information to a company that has been hacked.
"The three 'sold a small percentage of their Equifax shares, '" spokeswoman Ines Gutzmer said in a statement emailed to Bloomberg's Anders Melin. "The firm said it had no evidence that information for other countries' citizens was compromised", David Meyer reports for Fortune.