nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Equifax CEO falls on his sword weeks after credit biz admits mega-breach

Cough

...said that the executives had "no knowledge that an intrusion had occurred at the time they sold their shares" That's alright then.

31
1
WTF?

Re: Cough

When I worked for a large international bank, they made a HUGE thing about the share transactions we made. The principle was that there should not even be a possible implication of impropriety in any of our share dealings.

These transactions don't just have an implication of impropriety. They stink to high heaven.

The very least the executives should do is to give up the profit they have made as a result of the share price fall.

31
0
Bronze badge

Re: Cough

Could be worse - has someone asked the question as to whether they invested in derivatives and shorted their own stock?

2
0
Anonymous Coward

I think it was explained on these forums that US SEC regulations meant that the sale must have been planned for a while - certainly *before* the breach was known about.

Sometimes, a cigar is just a cigar ...

7
5
Silver badge

Yes and no. Executives have certain windows during which they can sell shares, and generally file their plans in advance just to avoid this type of controversy. However, they don't always note the exact number of shares, which leaves wiggle room to sell a lot more than originally planned if they become aware of adverse information.

If you had filed that you were going to sell 100,000 shares over the next couple years, and originally planned on selling say 12,500 per quarter but knew something bad happened and decided to sell 75,000 shares instead it would be following your SEC filing but would still be illegal insider trading. What makes it illegal isn't selling shares before bad news (or buying before good news, like a buyout) but basing your trading decisions (including decisions on how many shares at to buy or sell) based on that information.

I haven't seen the Equifax CEO's filings and trading history, but I imagine the SEC will be taking rather a close look. The problem would be in proving that if he i.e. sold 75,000 shares when he had previously always been selling 12,500 shares that it was done illegally. He might be able to convince a jury that he was house shopping in the Hamptons and wanted to have cash at the ready in case he found what he was looking for. Get a realtor friend to say "oh yeah, I showed him several properties in July" and there's your reasonable doubt...

8
1
Silver badge

"We don't understand why this amazingly coincidentally timed and profitable transaction is receiving so much public ire," whined some high level executives currently under SEC investigation. "Just because hundreds of other men demographically exactly like us unlawfully obtained billions of dollars in situations extremely similar to this one and suffered mostly minimal consequences is no reason for the public not to trust us at this current time."

The executives went on to state that due to this misunderstanding, they were the true victims of the Equifax data breach crisis: "...[not] the little people, and their pitiful identities- who can tell one from the other anyway, they are all dirty unwashed sods... If there's a settlement or clawback, we'd better get the first pick at it, not the fucking useless proles... shit, was my mike on?"

9
0

Maybe Equifax is different, but when I worked for a US finance company, all trading needed to be approved by the compliance department, and such approvals were good for 24 hours. Presumably this was to ensure that embarrassing situations like this could not arise.

5
0
Anonymous Coward

'Sometimes, a cigar is just a cigar'

"Close, But No Cigar" @AC... Here's why:

A. The 'date of breach' isn't the 'real date of breach'.

B. There were several other key breaches before...

~~~~~~~~

https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed

5
0
Anonymous Coward

Not going to receive his bonus

How about his pay for the last, oh, five years, can some of that be clawed back?

5
0
Silver badge

Re: Not going to receive his bonus

How about his pay for the last, oh, five years, can some of that be clawed back?

How would you feel if low income workers who were fired for incompetence or misconduct had to give back several years of historic pay? I wouldn't be comfortable with that, and equally I don't think the ex-CEO of Equifux should be subject to clawback by the company, no matter how angry people (rightly) feel about his company's bungling.

Now, if there's provable criminal or negligent behaviour that might result in personal fines, and I'm not worried by that, but that's different (and one for the courts).

14
3

Re: Not going to receive his bonus

Different situation. US execs are employed under a contract, negotiated individually, which explicitly states under what circumstances the two parties can be separated. Being booted for gross misconduct allows the company to do a lot usually.

7
0
Silver badge

Re: Not going to receive his bonus

Now, if there's provable criminal or negligent behaviour

I can prove that the employee who "fixed" the brakes on your car was qualified in music composition and engaged on a salary far exceeding that of a fully qualified mechanic. Your car crashed because the brakes failed in a way that is demonstrably due to incompetent maintenance.

Is there prima facie evidence of negligence here? Any ambulance chaser worthy of his knee pads would be biting your arm off to get the case. It doesn't matter if the incompetent employee read a Haynes manual in her spare time - the garage paid over the odds for an unqualified employee in a safety critical role. The garage has to settle - the insurers would never allow a trial with no credible defence. The remaining question is whether the insurers take it on the chin or go after the MD personally since his gross dereliction of duty and failure to supervise is what caused this mess.

8
2

Re: Not going to receive his bonus

Bonus? Why? He gets $USD 18,477,100 for retirement. (According to the company 2017 proxy statement.) That is almost the least they can give him (it's $100k less if they actually terminated him but that is probably chump change compared to litigation costs).

There are also vested stock awards; unlikely, I think, that he will get much out of those.

5
0
Silver badge

Re: Not going to receive his bonus

"How would you feel if low income workers who were fired for incompetence or misconduct had to give back several years of historic pay?"

They're not going to be the ones making company policy or overseeing company policy being carried out. The reason CxOs are paid a lot of money is that they carry responsibility. If they fail to discharge that properly that over a long period why shouldn't some of that money be clawed back?

5
0
Anonymous Coward

Re: Not going to receive his bonus

> How would you feel if low income workers who were fired for incompetence or misconduct

> had to give back several years of ... pay?

Apples and Oranges. Or maybe Apples and Lear Jets.

Low income workers are already getting screwed, frankly. And trying to get blood from a turnip, and all that. But this fuckwit apparently has plenty of blood. In other news some retirement fund that invested in Uber wants its money back because of Uber's fuckwits and fuckups. Why should this be any different?

He gets $18M for retirement. What have we got to show for the millions he's already been given and we're going give him $18M more? I'm almost certainly a shareholder through my 401k. Enough is enough, time to stop giving these assholes so much, for so little in return.

Yes, I'm starting to feel a bit like Mssr and Madam Defarge.

4
0
Facepalm

I hope this doesn't affect his credit rating...

But at least he's now like all his customers' data. Free. Forever.

8
0
Anonymous Coward

Re: I hope this doesn't affect his credit rating...

Do rich people have credit files? Do they ever apply for credit?

3
0
vir
Bronze badge

Re: I hope this doesn't affect his credit rating...

To quote Randy Moss:

"When you're rich, you don't write checks. Straight cash, homey."

5
0
Silver badge

Re: I hope this doesn't affect his credit rating...

It's a different metric and not credit as we hoi polloi know it since rich people theoretically can back it up with cash as a security. Even so, when you're rich, you don't spend your money, you spend other people's money so that if/when your business goes under you limit your liability. Why risk your money when you can sucker someone else to do it and get the profit either way? Just look at the latest example of the LA Rams/Chargers stadium boondoggle.

6
0
Silver badge

Re: I hope this doesn't affect his credit rating...

To quote Randy Moss

Yeah - but he's an NFL player. All those blows to the head don'tchaknow..

0
0
Silver badge

Local Story

According to WSBTV (local Atlanta media) he gave a talk at (th)UGA about cybersecurity in mid to late August, well after the incident. There was a Japanese custom of committing suicide if you dishonored yourself or others by your actions. If he had any honor he would learn how to do it correctly.

13
1
Silver badge

Smith is due to appear before the House Energy and Commerce Committee on October 3 to answer questions about the hack. It's not immediately clear whether or not do Rego Barros will take his place.

I suppose it doesn't matter, really, they could both say "I have no recollection of these events" with equal clarity...

8
0
Silver badge

they could both say "I have no recollection of these events" with equal clarity...

And I'm sure they'll both qualify to have a rabid company-supplied minder^W lawyer to make sure that they don't say anything unfortunate..

(Where unfortunate == "something that will make us liable in court for anyone who's lost out because of identity theft linked to this unfortunate incident that the evil press have blown out of all proportion")

0
0
Anonymous Coward

re: How about his pay for the last, oh, five years, can some of that be clawed back?

I think a better way is that any bonuses predicated upon future performance should be linked to *that* performance. Not the performance just gone.

If you knew your company had to remain in good shape for (say) 3 years for you to be able to cash your bonus, there's a good chance the company will be doing very well.

(see: Phillip Green)

7
0

Share Price

The business's reputation is thoroughly bust, but it's share price is remarkable resilient.

I wonder if this would be because client businesses have few alternatives?

6
0

Re: Share Price

There are 3 out there. And this does not affect their customers. Think about it.

5
0
Joke

Huh. Three C-level resignations & a 25% stock drop. This might just be enough to get folks to take security seriously.

6
1
Bronze badge

Yup - the joke alert icon is very appropriate.

1
0

Was he a "diversity hire", too?

Oops, did I just assume "its" gender?

Mea maxima culpa!

4
3

Equifax CEO "retires"

More like "bails out with his golden parachute."

FTFY

8
0

Ethics statements fell very very flat

Have a read of the Equifax employee ethics standards (page 21 and page 22). A lot of corporate fluff about preserving IP and being careful not to expose confidential data and care with relations with customers. Paying customers, that is.

Absolutely nothing about the care and protection of personally-identifying-information. PII. Which is their whole business.

http://www.equifax.com/assets/corp/code_of_ethics.pdf

3
0
Silver badge

swords aren't what they used to be

There really needs to be a term for this: haha kiri, perhaps.

7
0
Silver badge
Thumb Up

Re: swords aren't what they used to be

"There really needs to be a term for this: haha kiri, perhaps."

Seppfukyu ?

6
0

I hope Equifax has some kind of rating and i'd like to see it adjusted accordingly!

3
0

$18M payout???

OK El Reg, how exactly is an $18M payout falling on one's sword? The first rule of incompetence club is never talking about incompetence club. A rule held close by Equifax.

3
1
Silver badge

Re: $18M payout???

Hopefully, falling onto 18 million dollars worth of swords. Maybe he can be like Scrooge McDuck, but swimming though a bin of sharpened steel instead of gold coins. That's a joke, I actually don't support the painful death penalty or the normal one either. But honestly anyone who accepts $18M after fucking up that bad doesn't really care about helping me keep that opinion.

3
1
Silver badge
Devil

If you must stuff up

Stuff up BIG TIME.

It pays better.

2
1
Anonymous Coward

...'Will not be compensated for doing so'...

Really??? How generous of him... If 'this game' isn't stacked against the rest of us... Gotta love America, Fuck-Yeah! :

-

"During his career at Equifax, Smith took home about $165 million, according to data compiled by Bloomberg. That includes salary, bonuses, taxable perks and the value of stock options exercised and stock awards that vested."

-

"Equifax said Smith would not receive any annual bonus specifically for 2017. Nevertheless, he is in line to receive a 73,392-share bonus early next year as part of the long-term incentive plan the company put in place back in 2008. That's on top of the $52 million he will walk away with in stock and other retirement benefits that he accrued as part of his nearly 12-year run as CEO. That doesn't even include the nearly $13 million he received in salary and cash bonuses for the past three years alone. He also may be entitled to lifetime health insurance and $60,000 worth of financial planning and tax advice. What's worse, Equifax's very limited clawback policy, which the company has called "rigorous," applies only to financial restatements. That means Smith will have to return almost none of this tens of millions of dollars of pay, even if the company eventually finds that the hack has was his fault."

4
0
Anonymous Coward

been hired to run NHS, etc

yet?

1
0
Silver badge

Re: been hired to run NHS, etc

No - but the OPM department are probably keen to hire him. After all, he's already made data-loss great again!

0
0

Warning: Pun ahead

Given that they breached the personal info of nearly *144* million US citizens - does that count as GROSS incompetence?

1
0

Falling on sword... More like Quitting when the going gets tough.

Reading about CEO's stepping down when their company has a problem to me equates to someone saying F*** it and quitting when there is hard work ahead. The only message it says is that the company will be in more disarray.

2
0
Bronze badge

Congressional Hearing Transcript

CEO: Yes, we're absolutely positive the breach to our systems happened six months ago.

Congress: What evidence do you have of this?

CEO: Six months ago we first started seeing anomalous behavior on our system logs

Congress: This is fantastic news! How far back do you keep logs?

CEO: Six months.

:(

1
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing