What Not to Do In the Aftermath of a Data Breach; Don’t Let The Executives Sell Their Stock

News of hacked databases, email servers and financial institutions happen so often only the most egregious cases make headlines.  However, when they do occur, the scrutiny, attention and reputational damage brought about by such a breach can do real harm to a company.  Recently a breach of this magnitude occurred when Equifax determined 145 Million customer accounts were hacked after they failed to install security patches on their internal software.

As bad as the breach itself, Equifax, a large credit reporting agency, did not contain the damage very well.  News accounts clearly showed that they ignored warnings from Federal agencies of their vulnerability and never adequately explained why or how this oversight could occur.  To add insult to injury, shortly after the news of the data breach was released, Equifax began an aggressive email campaign cross-selling their identity theft protection tools.  As bad as their tone-deaf response to why the hack was allowed to happen, their attempt to profit from it was a bridge too far for many consumers and regulators who all demanded Congressional hearings.

As a result of the ensuing investigations into their actions, it was discovered that three of their top executives obtained approval from Equifax’s General Counsel to see large quantities of their stock prior the news of the hack being release.  The outcry was so deafening many of those executives are no longer with the company and additional investigations are ongoing.

Crisis will hit large corporations at one time or another along their history, but it is how they respond to that crisis is what determines if they survive it with their customer base intact.   Appearances of incompetence and greed in the aftermath have made Equifax a cautionary tale of what not to do when customers have been impacted by a crisis that was avoidable.  Instead of sidestepping direct blame and then trying to profit from their mistake, Equifax should have faced the issue with full transparency and taken full responsibility – while offering free protections and services that would better protect affected customers.   As for the shenanigans that surround stock sale approvals by executives; it goes without saying those moves are being regretted by a handful of unemployed executives.