.svg)
The US Securities and Exchange Commission (SEC) has said a public relations (PR) employee tipped off her friends with prior information on the massive Equifax data breach and illegally profited from trading stocks in light of that information.
The charges relate to the 2017 cyber intrusion and data breach at the credit reporting agency that exposed sensitive data belonging to around 147m consumers.
According to the SEC, Ann Dishinger, a finance manager at a public relations firm that Equifax hired to help handle expected inquiries, tipped off her partner Lawrence Palmer with the non-public news.
Palmer then contacted a former business client and arranged for the client to purchase out-of-the-money Equifax put options in the client's brokerage account.
Palmer later sent a cheque to the client for the purchase cost of the options with the memo line saying "Blue Horseshoe", referring to the coded language used to convey inside information in the 1987 movie “Wall Street”.
Palmer also tipped his brother who set up a similar arrangement with one of his high-school friends.
The SEC claims that the illegal trading gained the Palmers more than $100,000 in profits.
The regulator now accuses the finance manager and the brothers of insider trading, with the latter two agreeing to pay more than $100,000 each as disgorgement and penalty.
The case follows two previous insider trading charges against Equifax’ former employees, its chief information officer and software engineering manager, in 2018.
Equifax already in trouble
In 2019, the company agreed to pay $575m to settle charges from the Consumer Financial Protection Bureau (CFPB) and the Federal Trade Commission (FTC).
And now, the credit bureau is facing additional challenges around allegations that it sent lenders inaccurate credit scores.
In early August, the Wall Street Journal reported that Equifax sent lenders incorrect credit scores for millions of consumers during a three week period in March and April.
In some cases, the errors were relatively significant, showing at least 25 points difference to the actual scores.
This affected around 300,000 consumers, according to Equifax, which said the incident was caused by a coding issue when making a change to one of its servers.
The news reached Capitol Hill and spurred a congressional response.
Last week, Maxine Waters (D-CA), chair of the House Financial Services Committee, sent a letter to Equifax and a letter to the CEOs of the nation’s largest commercial banks demanding answers as to how the delivery of erroneous credit scores occurred.
Waters is also planning to introduce legislation in response to these events.
The lawmaker, who began her tenure as chair in 2019, also sent a letter to CFPB director Rohit Chopra urging the agency to investigate and use its tools “to ensure all harmed consumers are made whole impose a moratorium on Equifax providing any credit scores to financial institutions until it cleans up its act”.
Waters referenced the data breach in her letter, suggesting that these instances, as well as “a litany of research, studies, and testimony demonstrating how broken our consumer credit reporting system is, all underscore the urgent need for CFPB and Congress to strengthen consumer protections in this area”.
Data handling on regulators’ mind
There is, however, little need for encouraging the CFPB and its fellow consumer protection agency the FTC to crack down on big firms’ data handling practices.
Data privacy has been at the forefront of the activities of two agencies since at least last year when the current leadership took office.
The agencies have published a number of guidance and clarifications on how they expect companies to handle and safeguard consumer data.
Earlier this year, the FTC clarified that breached entities are required to disclose information to help parties mitigate reasonably foreseeable harm and launched a rulemaking process against “digital surveillance”, the practice of businesses collecting vast amounts of data about people, then analysing and profiting from it.
In parallel, the CFPB stated that financial companies may violate federal consumer financial protection law when they fail to safeguard consumer data and is looking at bigtech data handling practices.
