WASHINGTON (Reuters) – A U.S. senator on Tuesday called for a criminal investigation of executives from credit bureau Equifax Inc (EFX.N) for stock sales after a massive data breach this summer, comparing their actions to insider trading.
The breach, which the company learned about in July but did not acknowledge until this month, also prompted expressions of concern from U.S. Treasury Secretary Steven Mnuchin, while the Massachusetts attorney general said her state planned to sue.
Cyber security experts believe it is one of the largest data hacks ever disclosed.
Senator Heidi Heitkamp, a Democrat on the Senate Banking Committee, said it was “disturbing” that it appeared Equifax executives sold nearly $2 million of company stock in the time between learning of a sweeping hacker intrusion and making it public.
“If that happened, somebody needs to go to jail,” Heitkamp said at a credit union industry conference in Washington. “It’s a problem when people can act with impunity with no consequences. How is that not insider trading?”
Heitkamp is the latest U.S. senator to ask that Equifax be held to account. On Monday, Senator Orrin Hatch, who chairs the Finance Committee, and ranking Democrat Ron Wyden demanded that Equifax Chief Executive Rick Smith provide a timeline of the breach and its discovery.
On Wall Street, Equifax closed 2.5 percent higher at $115.96 on Tuesday, reversing slightly a 21 percent slide since the hack was reported.
Three days after Equifax discovered the breach, three top company executives, including Chief Financial Officer John Gamble, sold Equifax shares or exercised options to dispose of stock worth about $1.8 million, regulatory filings show.
Equifax said in a statement last week that the executives were not aware that an intrusion had occurred when they sold their shares.
Any investigation of alleged insider trading would likely involve the Securities and Exchange Commission. A spokesman for SEC Chairman Jay Clayton declined to comment.
The Federal Bureau of Investigation said it was investigating the Equifax hack.
In Massachusetts, state Attorney General Maura Healey said she intended to file a lawsuit against Equifax for allegedly failing to maintain appropriate safeguards to protect customers’ data, including that of nearly three million Massachusetts residents.
“In all of our years investigating data breaches, this may be the most brazen failure to protect consumer data we have ever seen,” Healey said in a statement.
Equifax had initially appeared to offer credit monitoring to breach victims only if they forfeited their right to file a lawsuit. NY Attorney General A.G. Schneiderman said Tuesday that Equifax removed that language from its website.
U.S. Treasury Secretary Steve Mnuchin on Tuesday called the Equifax breach “quite unfortunate” and insisted that his top priority is to make sure financial data is safe.
“I am concerned about the global financial system and keeping it safe,” he said at the CNBC Institutional Investor Delivering Alpha Conference in New York.
The acting Federal Trade Commission chairman, Maureen Ohlhausen, declined to say if that agency was investigating the breach.
“We’re trying to get a handle on the scope of all of this. We’re certainly taking this very seriously,” she told reporters at an antitrust conference.
The agency has historically probed big breaches but only sued companies that had been sloppy in protecting consumer data.
Equifax did not respond to Reuters requests for comment.