Equifax (44 million UK people's records) hacked.

Capodecina
Soldato
Joined
30 Jul 2006
Posts
12,129
The US credit ratings firm Equifax was hacked in July; it owned up to the fact on September 7th.

Three Equifax executives sold shares worth a combined £1.3m a few days after the company discovered it had been hacked. This is pure coincidence and they were of course entirely unaware that Equifax had been hacked.

Equifax boasts that it holds personal details on over 44 million Britons. They say that records of UK citizens are among those unlawfully accessed.

Until a few CEOs and CIOs get to experience maintaining a permanent upright stance with crossed legs in G4S communal showers this is going to keep happening.
 
Soldato
Joined
31 May 2009
Posts
21,257
Did the share price crash after the release of this information?
Has the matter been referred to the information commissioner?
Are the details of UK people subject to UK laws?
 
Man of Honour
Joined
18 Oct 2002
Posts
12,301
Location
Vvardenfell
My understanding is:

No, but it's a bit early to tell. Also, hacks are now so common that I suspect stock prices will be affected less and less by most such events. But it took over thirty days for Equifax to admit the hack, and the shares were sold during this time. So three senior managers at least thought the price would go down.
Surely the IC can only get involved if the data is leaked from a UK company? But I wait to be corrected.
Yes and no. But mainly (I believe) only if held by a UK company. It's who holds the data which is more important.

But details are sketchy. The reports refer to emails and passwords, so I assume the data which has been lost is that applying to people who have created accounts to read their credit rating. That's NOT the same thing as having the actual credit details taken.

Edit: the US customers do seem to have had actual personal details stolen, but it still seems like the UK stuff is at a lower level. And the IC is investigating, but I suspect has limited power to do anything.
 
Soldato
Joined
31 May 2009
Posts
21,257
Thx for the details Meridian.
You could ban them from having UK operations one would assume, granted, only after a series of such breaches and no efforts being made to strengthen their security.
This won't happen.
If folks sold shares with knowledge of a potential unreported issue then one would have thought that breaches some US rules on executive sales. Interesting they have taken no action, but that might be a case of 'yet'.
 
Associate
Joined
12 May 2012
Posts
2,135
Did they sell before or after Equifax released details of the hack/leak?
If before, surely they should be done for that.

As for hacks in general, it's long overdue that laws were made to let customers/users know immediately upon discovery of the event, not weeks/months/years later.
 
Soldato
Joined
29 May 2006
Posts
5,349
Did they sell before or after Equifax released details of the hack/leak?
If before, surely they should be done for that.
Before and they shouldn't be done for it as the people who sold had not been told about the hacks. In large companies everyone doesn't know everything and when IT staff find a breach they shouldn't be sending out information on the breach to all staff. It's normal for only a few people in management to know about a breach and the rest not to be told. Saying that 30+ days does seem a long time but I can believe some people in management were as in the dark about the breach as the rest of us over that 30 days.
 
Soldato
Joined
31 May 2009
Posts
21,257
Before and they shouldn't be done for it as the people who sold had not been told about the hacks. In large companies everyone doesn't know everything and when IT staff find a breach they shouldn't be sending out information on the breach to all staff. It's normal for only a few people in management to know about a breach and the rest not to be told. Saying that 30+ days does seem a long time but I can believe some people in management were as in the dark about the breach as the rest of us over that 30 days.

3 managers with shares of £1.3 Million know nothing for a month of a large security breach?
Intriguing. US companies must issue a fair amount of share options to their managers if it was above their pay grade to know such.
 
Soldato
Joined
28 Dec 2007
Posts
11,549
Location
Sheffield
Our goal was to delay release of this information until such times as a hurricane would make national news ahead of our mishaps....
We'll use the old smoke and mirrors as governments do ;)
Like the current prospered up govt upping the pension age to 67 for many on the same day as the BBC salaries were released.

Not quite sure what your theory has to do with my link, it clearly states in black & white that they aren't blocking any class action or legal action from affected customers.
 
Soldato
Joined
31 May 2009
Posts
21,257
Not quite sure what your theory has to do with my link, it clearly states in black & white that they aren't blocking any class action or legal action from affected customers.

My theory is like with all PR disasters you wait to release the information as long as you can. The hack was from mid-May until July. It is September.
You wait until news of epic proportions is on the way, so the PR fallout is minimised by everyone watching the other direction.
Your link, wonderful as it is, doesn't cover the whole story, it is just a statement by a company who were grossly negligent with the most personal of customers' information.
They started with a 'our goal is to', I cited an alternative wording.
 
Soldato
Joined
29 May 2006
Posts
5,349
3 managers with shares of £1.3 Million know nothing for a month of a large security breach?
Intriguing. US companies must issue a fair amount of share options to their managers if it was above their pay grade to know such.
No one said they didn't know for a month and most likely they did find out before the month was up. Most places have a standard procedure that during investigations only the bare minimum of people know. It's perfectly reasonable that in the first few days only a tiny handful of people know while the investigation was ongoing. Normally each manager is in charge of different areas and only the manager related to IT/Security would get told at first. Later on if the situation was serious enough the rest of the managers get informed. The ones that sold the shares didn't get informed until after they sold.
 