By Haddon Libby
Your personal information was probably stolen last week from one of the largest credit reporting services in the United States. The hackers stole the credit files of 143 million people from Equifax and will probably sell that information to the highest bidders on the DarkNet – an illegal, underground network where criminals trade or sell electronic information.
Because of the hack, your social security number, birth date, driver’s license numbers, credit card numbers, past and current address, tax liens or court judgements, if any, and much more are in the hands of criminals intent on using that information.
To protect yourself against identity theft, you will need to review your financial information from now on as the thieves can use this information today, tomorrow or in 15 years. As such, get free credit reports from the three credit reporting agencies annually (Experian, Equifax and TransUnion) as well as other free online services like CreditKarma. Consider subscribing to one of these services so that you are informed of any credit inquiries or extensions of new credit in your name. You can also initiate a credit freeze with each of the credit agencies for a fee but then you cannot get new credit of any kind unless you unfreeze your credit status. Even if you do a credit freeze, the identity thieves can still file fraudulent tax returns in your name and have refund checks sent to them.
This new burden was added our lives because Equifax did not patch a security flaw in their Apache Software despite being notified months earlier that corporate networks were being infiltrated by malware via Apache. Early reports are that management felt that the cost of the repair was too high. After the loss of billions of the company’s value since the announcement of the hack, management are probably second-guessing that decision.
While there are a number of class action lawsuits started against Equifax, security experts state that the value of this information is less than $500 per person based on past court rulings. While it is possible that this could bankrupt Equifax if they have to pay damages to 144 million people, the amount someone can get hardly equals the problems that this data breach has created. As banks and credit card companies indemnify their customers against fraud, financial institutions are the entities that will be hurt the most by this data breach.
It took Equifax six weeks to disclose this massive July 29th theft to the public. During that time, the company provided rosy outlooks to investors while three key executives (Chief Financial Officer, President of Workforce Solutions and President of Information Solutions) sold $1.8 million of company stock in unscheduled sales.
Equifax states that the timing of the stock sales was a pure coincidence. So you know, it is common practice for executive management to sell shares on a regular, scheduled basis via 10b5-1 sales. Stock sales are done in this manner so that there is no question as to whether management is selling on insider knowledge. If insider trading occurred, each will see their profits disgorged while paying fines, losing their jobs and potentially serving jail time.
If that isn’t enough insider trading for this company, CNBC reported that someone bought an abnormally large ($163,000) number of September put options on Equifax stock on August 21st. When one purchases put options, they are betting on the stock price going done. After the data breach announcement last week, these options were worth more than $4 million. You can bet that the Securities Exchange Commission will be looking into that transaction.
This whole mess will cause Equifax (and their rivals) to attend two investigatory hearings by the House and Senate where Equifax will take a public lashing. Other than that, it is unlikely that much will happen to protect consumers against this in the future.
Haddon Libby is an Investment Advisor, Fiduciary and Managing Partner of Winslow Drake Investment Management. You can reach him at HLibby@WinslowDrake.com or 760.449.6349.