U.S. senator on Equifax hack: 'Somebody needs to go to jail'

FLORIDA-SHOOTING/GUNS

A U.S. senator on Tuesday called for a criminal investigation of executives from credit bureau Equifax Inc for stock sales after a massive data breach this summer, and said their actions were comparable to insider trading.

The breach, which the company learned about in July but did not acknowledge until this month, also prompted expressions of concern from U.S. Treasury Secretary Steven Mnuchin and the Federal Trade Commission. Cyber security experts believe it is one of the largest data hacks ever disclosed.

Senator Heidi Heitkamp, a Democrat who sits on the Senate Banking Committee, said it was "disturbing" that it appeared executives sold nearly $2 million worth of company stock in the time between learning of a sweeping hacker intrusion and making it public.

"If that happened, somebody needs to go to jail," Heitkamp said at a credit union industry conference in Washington. "It's a problem when people can act with impunity with no consequences. How is that not insider trading?"

Heitkamp is the latest U.S. senator to ask that Equifax be held to account for alleged missteps after it discovered the hack. On Monday, Senator Orrin Hatch, who chairs the Finance Committee, and ranking Democrat Ron Wyden, demanded that Equifax Chief Executive Rick Smith provide a timeline of the breach and its discovery.

Equifax announced last week that it had learned on July 29 that hackers had infiltrated its systems in mid-May, gaining access to a wide swath of personal information.

The hackers pilfered names, birthdays and addresses, as well as Social Security and driver’s license numbers - a treasure trove for identity thieves. The data of up to 143 million people may have been affected.

Three days after Equifax discovered the breach, three top company executives, including Chief Financial Officer John Gamble and a president of a unit, sold Equifax shares or exercised options to dispose of stock worth about $1.8 million, regulatory filings show.

Equifax said in a statement last week that the executives were not aware that an intrusion had occurred when they sold their shares.

Any investigation into insider trading would likely involve the Securities and Exchange Commission. A spokesman for SEC Chairman Jay Clayton declined to comment, citing a policy of refusing to confirm or deny ongoing investigations.

U.S. Treasury Secretary Mnuchin on Tuesday called the Equifax breach "quite unfortunate" and insisted that his top priority is to make sure financial data is safe.

"I am concerned about the global financial system and keeping it safe," Mnuchin said at the CNBC Institutional Investor Delivering Alpha Conference in New York, adding that he was having meetings about the cyber attack.

Also on Tuesday, Senator Gary Peters, a Democrat, called on the FTC to launch a probe into whether the company misled consumers by saying it considered protecting customer information a top priority.

The acting FTC chairman, Maureen Ohlhausen, said that her agency was aware of the massive breach but declined to say if an investigation was underway.

"We're trying to get a handle on the scope of all of this. We're certainly taking this very seriously," she told reporters on the sidelines of an antitrust conference.

The agency has historically probed big breaches but only sued companies that they deemed had been sloppy in protecting consumer data.

Equifax did not immediately respond to requests for comment.

(Reporting by Pete Schroeder. Additional reporting by Diane Bartz; Editing by Dan Grebler and Chris Sanders)