Equifax, one of the nation’s three major data collection agencies, announced on Sept. 7 that hackers accessed the private information of about 143 million individuals, including names, Social Security numbers, birth dates, addresses, and driver’s license numbers.
The firm learned of the breach on July 29, 2017. Regulatory filings show that three executives of Equifax — John Gamble, chief financial officer, Joseph Loughran, US information solutions president, and Rodolfo Ploder, consumer information solutions president – sold a total of nearly $2 million in stock in early August. A representative of Equifax told various news outlets that the execs were unaware of the breach at the time of sale. Shares in Equifax dropped about 14 percent after the Sept. 7 breach announcement, per CNBC. A law firm in New York, Bronstein, Gewirtz & Grossman, LLC, announced it would launch an insider trading investigation into the execs’ sold shares.
The announcement drew immediate fury from the public, press, and regulators, with a class action lawsuit being filed within 24 hours. Initially, it appeared that accepting credit monitoring services offered by Equifax would eliminate affected individuals’ ability to sue over the breach, due to an arbitration clause and class action waiver attached to the TrustedID service. Equifax announced on its breach website – a site that has been reportedly malfunctioning and flagged by browsers as an insecure site at times – that accepting services will not waive consumers’ rights to a class action.
New York Attorney General Eric Schneiderman also announced an investigation into the breach, including telling Equifax that the class action waiver language was unenforceable.
Credit card numbers were also accessed for about 209,000 individuals, and dispute records for another 182,000.