Move Over, Enron: Equifax Is Next
The worst problem of modernity lies in the malignant transfer of fragility and antifragility from one party to the other, with one getting the benefits, the other one (unwittingly) getting the harm, with such transfer facilitated by the growing wedge between the ethical and the legal. This state of affairs has existed before, but is acute today— modernity hides it especially well.
—Nassim Taleb, Antifragile: Things That Gain from Disorder (Incerto)
Expect the name John Gamble to join the pantheon of evil business crooks. Alongside Kenneth Lay, Jeffrey Skilling, and Arthur Andersen.
Equifax executives, it seems, traded your most personal financial information to criminals for a few million dollars in personal gain. Here’s how it went down:
- Equifax failed to properly secure its systems and your data
- Hackers breached Equifax’s porous security 3 times this year alone
- Cyber criminals stole Social Security Numbers, dates of birth, and credit card numbers belonging to 143 million Americans (or more)
- Equifax executives sold their Equifax stock between the time the breach was discovered and the time the breach was disclosed
Simon Black summarized Equifax’s criminal negligence on Sovereign Man Blog:
Literally over one third of the entire US population is at risk of identity theft now thanks to Equifax’s bungling.
Bear in mind this is the THIRD TIME in 16 months that Equifax has been hacked– there was another breach earlier this year, and another in May 2016.
Even worse– this wasn’t an overnight attack. Hackers spent MONTHS probing the Equifax network, burrowing deeper into the system and gaining access to more and more data with each attempt.
Yet Equifax’s defenses failed to detect anything.
You feel for the people who work at Equifax. Not the executives and decision makers. The workers. The people who took a good job with good pay and benefits. The people who thought they were working for a solid company that provides a vital service.
You feel worse for the 143 million Americans who will suffer because Equifax executives put “shareholder value” ahead of responsibility, accountability, quality, and honesty. You pity 143 million who will suffer because Equifax executives wanted to pad their pockets.
Nobody likes credit bureaus. The term “credit bureau” raises blood pressure. Credit bureau means stress. Credit bureau means financial risk. Just hearing the name Equifax triggers a sick, “here we go” sensation.
And “here we go” means you will suffer, maybe lose your house or car, while Equifax executives enjoy their millions. Simon Black explains:
Finally on July 29, a whopping TEN WEEKS after the attacks started, Equifax realized that something was wrong.
Senior executive responded to the data breach by… selling their stock.
Yes, in the days following their discovery of the hack, three of the company’s executives sold nearly $2 million worth of stock.
If Simon Black’s blog is too sensational for you, here’s how Bloomberg put it:
Three Equifax Inc. senior executives sold shares worth almost $1.8 million in the days after the company discovered a security breach that may have compromised information on about 143 million U.S. consumers.
Change All Your Credit Cards
At a minimum, all your credit cards and debit cards will probably be replaced with new ones in the next 30 days. Have autopay connected to those cards? You’ll have to update your card number.
You’ll also have to watch your credit reports. All three. Someone probably has your SSN, your DOB, and your driver’s license number. They have all the data they need to take out loans in your name, change your bank account, redirect your 401k. Whatever they want.
You’ll have to change it all. And the one you forget will bite you. Trust me. Expect to be hit with overdrafts, late payment penalties, and a crashing credit score when your autopay is declined because you forgot to update your debit card number.
Some of us will discover we own a house in Orange County. Maybe it’ll be used by a drug lord. Wouldn’t that be nice?
Equifax Hit With Largest Class Action Suit in History
Luckily, Mark Geragos has already filed a $70 billion class action lawsuit against these Equifax crooks. You find out more about the lawsuit here. The lawsuit alleges:
“In an attempt to increase profits, Equifax negligently failed to maintain adequate technological safeguards to protect Ms. McHill and Mr. Reinhard’s information from unauthorized access by hackers,” the complaint stated. “Equifax knew and should have known that failure to maintain adequate technological safeguards would eventually result in a massive data breach. Equifax could have and should have substantially increased the amount of money it spent to protect against cyber-attacks but chose not to.”
The money that Equifax didn’t spend on security it spent on something else. It spent it on executives and shareholders, as we shall see.
Expect more suits. Suits against the three scumbag executives who sold their stock between the breach’s discovery and its belated disclosure.
John Gamble “With Your Money”: The New Kenneth Lay
Expect the names of those executives become synonymous with criminal disregard for the public’s well-being. But one name will stand out: John Gamble.
As in “Gamble with other people’s money.”
As in “Gamble with other people’s identity.”
As in “Gamble with other people’s lives.”
John Gamble is Equifax’s Chief Financial Officer. The CFO is typically the second most powerful person in the corporate management structure, second only to the CEO. The CFO knows more about the goings on in a business than anyone. Everyone who knows business knows the CFO knows.
Yet, Equifax claims John Gamble knew nothing about the breach when he conveniently sold 13 percent of his stock in the company. The stock he sold AFTER Equifax learned of the breach but BEFORE Equifax disclosed the breach.
Do you believe the second-ranking officer of Equifax did not learn about the breach before it was disclosed to the public? Is Equifax that poorly managed? Or is Equifax another criminal corporation?
As Corporate Vice President and Chief Financial Officer at EQUIFAX INC, John W. Gamble Jr. made $2,652,107 in total compensation. Of this total $632,243 was received as a salary, $758,692 was received as a bonus, $0 was received in stock options, $1,244,532 was awarded as stock and $16,640 came from other types of compensation. —Salary.com
While Equifax maintains its CFO did not know about the breach, Gamble’s $1 million trade was NOT part of a 10b5-1 trading plan.
A 10b5-1 trading plan allows corporate executives to trade company stock on a predetermined plan. The plans protect executives from accusations of insider trading by forcing the executives to schedule trades far in advance.
But Gamble’s million-dollar move wasn’t scheduled in advance. It was apparently ad hoc. On the spur of the moment. On a whim. Because CFOs make a lot big financial moves on a whim, don’t they?
So, do you still believe the Chief Financial Officer knew nothing about a massive data breach at his company? A breach that was sure to hurt Equifax’s stock price? A breach that was sure to require financial losses to victims? A breach that was sure to require huge investments in data security?
Why Did Equifax Wait a Month to Disclose the Breach?
Tyler Durden of Zero Hedge explains:
The company, which in delightful irony offers credit-monitoring and identity-theft protection products to “guard consumers’ personal information”, said that it had learned of the incident on July 29, 2017, at which point it reported the intrusion to law enforcement and contracted a cybersecurity firm to conduct a forensic review: based on the company’s investigation, the unauthorized access occurred from mid-May through July 2017. Oddly enough, it took shareholders and over a third of America, more than a month longer to learn that all their personal data may have been compromised.
Do you really believe that CFO John Gamble (with your money) was kept in the dark about the largest breach of sensitive information in the company’s history? For a full month?
Or is Equifax lying?
Equifax’s Stock Buy-Back Scam
Equifax likes stock buybacks. A stock buyback is a tool for companies to drive up their stock price without increasing the value of the company. Usually, companies borrow money and use the loans to buy their own stock. The buying activity drives up the price of the stock. Executives then sell their inflated shares (including those received as part of their executive compensation), removing value from the company.
Equifax is one of those companies that buys back its own stock to line the pockets of its executives. In 2015, Equifax bought back $550 million worth of its own stock. That $550 million could have bought a lot of data security.
And it probably did. You can bet John Gamble’s personal network is safe and secure. Gamble gambles with other people’s money, not his own.
Why Is Equifax Scamming Victims Out of Their Right to Sue?
Equifax, which waited a month to disclose its breach to consumers, inserted a neat little scam into its announcement. Enron would be proud.
Equifax posted an online page where consumers to check to see if Equifax lost their data to criminals. After you get the message, “Yeah, you’re probably screwed,” Equifax offers free, premium identity protection. (Like, really?)
I won’t link to Equifax’s scam page. It’s a scam.
If you click the link for the free premium identity protection from the company that lost 143 million SSNs, driver’s license data, and credit card numbers, you forever waive your right to sue Equifax.
In other words, Equifax is scamming the consumers they’ve already robbed. Scamming them out of their right to sue.
Crafty. Evil, but crafty.
Equifax’s identity-protection scam fits with the company’s lobbying efforts, too. Equifax wants the government to prohibit law suits against credit reporting bureaus. Via BoingBoing:
Before Equifax doxed 143 million Americans (but after it had suffered repeated smaller breaches that should have alerted the company to deficiencies in its security), it directed its lobbying body, the Consumer Data Industry Association, to pressure the Consumer Financial Protection Bureau to exempt credit-reporting bureaux from a soon-to-begin rule banning binding arbitration clauses in user agreements.
Free markets can’t work when government regulators get involved. Shouldn’t free marketers demand draconian punishment for people who give free markets a bad name?
Equifax Gives Free Markets a Bad Name
If you’re a free-marketer like me, you must really hate Equifax right now.
Every time a scumbag company like Equifax or Enron puts shareholder value first, a lot of people assume all business is evil and corrupt.
It’s not true. Most businesses and most corporate executives strive to build good companies that serve customers well.
But the crooks like those at Equifax get all the press. When Equifax borrows money to buy back its stock to line the pockets of its executives who delay disclosure of a data breach while they sell off 13 percent of their Equifax stock before the plunge, people get cynical. About business.
Solution to Evil Executive Syndrome
Punishment for corporate malfeasance can go draconian for a time. By draconian, I mean something like this:
- Freeze all assets of executives, board members, and major shareholders pending the results of litigation and prosecution. By “all assets,” I mean everything: homes, bank accounts, credit cards, investments, passports. Freeze all income in excess of $25,000. Everything. They’ll get it back if they’re innocent. We do this to kids who get caught with an ounce of pot; we can do it to millionaire executives and investors.
- If found guilty of negligence, the minimum punishment for executives is 25 years in prison, forfeiture of all assets and income, and permanent loss of the right to own stock in any publicly traded company.
The goals of these draconian punishments are simple:
- Encourage investors to hold management accountable for good business and great products first, not shareholder value.
- Make the punishment for a white-collar crime so severe that no one would think about trying it.
In short, the solution begins to transfer the downside risks to the people with upside potential. It makes men like John Gamble have skin in the game. And it threatens to fry that skin if they cheat.
Put another way, my draconian punishments for white collar crimes would encourage “heroism” among business executives and investors. As Taleb explains in Antifragile:
In traditional societies, a person is only as respectable and as worthy as the downside he (or, more, a lot more, than expected, she) is willing to face for the sake of others. The most courageous, or valorous, occupy the highest rank in their society: knights, generals, commanders. Even mafia dons accept that such rank in the hierarchy makes them the most exposed to be whacked by competitors and the most penalized by the authorities. The same applies to saints, those who abdicate, devote their lives to serve others— to help the weak, the deprived, and the dispossessed.
Following the 2007-2008 financial crash, no one went to jail. No executive lost money. Taxpayers made them all whole. It was like a government-run stock buyback where you and your grandkids got stuck paying off the debt. In Taleb’s model, gains were involuntarily transferred to the rich and risks (and losses) to the poor. And the government oversaw that transfer.
In the case of Equifax, I’d go one step further. I’d allow consumers to sue Equifax’s customers. Visa, MasterCard, Discover, all the banks. Anyone who pays Equifax for data and credit scores, anyone who reports to Equifax. Sue them all.
Because of the unique relationship between credit companies and credit bureaus, a credit bureau’s customers owe their customers fiduciary duty in scrutinizing vendors. Any bank that does business with Equifax is culpable for what Equifax does.
Strategically, if Discover and Bank of America face huge losses because of Equifax’s negligence and malfeasance, Discover and Band of America will beat the living hell out of Equifax.
In the end, the immediate goal is to drive Equifax’s stock to zero. It’s a shame that many retail investors will lose money. It’s a shame thousands of decent, innocent Equifax employees will lose their jobs. Just as Enron’s employees did. Most recovered.
But the free market is more important than any company, any job, within that market. To survive—to deserve to survive—free markets must be self-regulating. Rather than writing a flurry of laws will be penned by lobbyists, let’s allow Equifax’s victims to divide up whatever assets Equifax and its crooked executives might have. And let Equifax’s corporate customers put skin the game, too.