Equifax, which controls sensitive personal information on nearly a billion people, becomes a bumbling mess when it comes to quickly and clearly sharing its own troubling information.
Either that, or the data and credit reporting agency acts as if it’s trying to hide something.
In the fall of 2017, for example, it made a great show of its investigation into insider trading concerns and reported finding no problems.
What it neglected to mention publicly at the time: it forced out its heir-apparent chief information officer for alleged insider trading.
Equifax is the kid who’s supposed to bring home a stern note from the teacher but manages to swallow it instead.
And when Atlanta-based company lands in a pickle it can’t squirm out of, it conveniently omits details.
Like when the feds just brought insider trading charges against that former top executive at Equifax. The company issued a press release carefully avoiding the word “executive.” Instead, it called him “a former employee.”
You’d have thought the accused, Jun Ying, worked in the motor pool or maybe sat on the first rung of some sales office.
Actually, the 42-year-old Ying was the company’s No. 2 guy over information technology. And Equifax had offered him the job of chief information officer of the entire global company, according to federal investigators. Essentially, Equifax had planned to hand him all the keys to its electronic kingdom.
Equifax wants to look like a tight, super-secure operation. Reality has a way of messing with such images.
There was last year’s debacle when the company learned in July about a scary and apparently preventable breach of its systems. Equifax investigated the issue, but didn’t notify the public until Sept. 7, more than three weeks after it had concluded that people’s sensitive information had likely been taken, according to federal investigators. The records of more than 140 million people were put at risk.
Then the company bungled information it gave to worried consumers.
And there was public consternation following news that some of Equifax’s most senior executives had sold company stock after the breach was discovered but before it had been made public. (The company’s stock price tanked once news of the breach was announced.)
It’s generally illegal for company executives to buy or sell stock on significant corporate news they’ve been entrusted with but that hasn’t been made public.
Equifax assured shareholders it was digging into the matter. In early November, it issued a press release with this headline in all caps: “REVIEW CONCLUDES EXECUTIVES ACTED APPROPRIATELY.”
After what was described as a “timely and thorough review,” a special committee of Equifax’s board reported it had “conducted dozens of interviews and reviewed more than 55,000 documents” and had checked out all of Equifax’s corporate officers who required pre-clearance for trading company shares. It concluded that of four executives who had made trades, none knew about the breach when they sold their shares and none violated company policy.
In other words: nothing to see here, folks. Everything is peachy keen.
Except, it now appears some Equifax leaders knew by then that wasn’t the case.
By Oct. 16 – more than two weeks before that press release – senior Equifax executives had concluded that Ying had violated company insider trading policy and determined his employment should be terminated, according to the U.S. Securities and Exchange Commission’s complaint. “At that time, Ying agreed to resign.”
The episode has come out now — months later — because the SEC and U.S. Department of Justice announced charges had been brought against Ying.
I called Charles Elson, who directs the University of Delaware’s Weinberg Center for Corporate Governance. He had heard about the Equifax board’s earlier internal investigation into insider trading.
“If this individual wasn’t picked up, it makes you wonder about the thoroughness of the investigation,” Elson told me.
Equifax is sticking to a press release statement. It says that it is fully cooperating with authorities.
Federal officials say their investigation is ongoing. Ying’s attorneys declined to comment to my colleagues.
According to a federal civil complaint and a criminal indictment, Ying suspected in late August that Equifax had been the victim of a breach.
Investigators contend that he used his Equifax computer to run a Bing search engine query on what happened to a competitor’s stock price after it suffered a data breach.
Did you catch that? Equifax’s former No. 2 tech exec is alleged to have used a company computer to set the stage for insider trading. And they think he relied on a search using Bing. The horror.
Federal officials contend that Ying exercised stock options and then sold nearly $1 million in shares before Equifax’s data breach was publicly disclosed. He avoided more than $117,000 in potential losses, according to the SEC.
If that’s true, the risk/reward consideration seems out of whack for a senior executive who apparently was moving up the money-laden corporate ladder at Equifax.
Human (and technological) frailty is a risk at any business. What’s worrisome is when officials at a publicly traded company are slow to disclose that unvarnished reality to the people who’ve invested in them.