Equifax and the Insider Trading Charge That Defined the Disclosure Window

An Equifax executive sold stock before the breach was public. The Justice Department charged him with insider trading. The conviction became the single most quoted reference point in every cyber-disclosure conversation that followed — the case that turned a securities filing into a communications doctrine.

The facts are tight. The breach was discovered internally. Senior executives at the company were aware. The public was not notified for weeks. Inside that window, the company's former chief information officer for U.S. Information Solutions sold shares — roughly $1 million worth — at a price that did not yet reflect the impending disclosure. He was charged, convicted, and sentenced. Two other executives who sold in the same window were investigated; the company maintained those trades were pre-cleared and unrelated. The distinction was lost on the public, on regulators, and on the markets.

The Doctrine That Came Out of the Case

Boards now operate on a rule the case made unavoidable. The trading window closes at incident discovery, not at public disclosure. The legal definition of material non-public information is technical. The reputational definition is not. Any executive financial activity between discovery and disclosure will be reverse-engineered by reporters, plaintiffs' counsel, and regulators — and the optics will run independent of whether the trade was pre-cleared, programmatic, or scheduled.

For crisis communications teams, the operating consequence is structural. The first call after a confirmed material incident is not to outside counsel. It is to whoever closes the trading window — general counsel, the corporate secretary, the chief compliance officer — and the close is documented, time-stamped, and disclosed in the eventual public timeline. The presence of a closed window in the disclosure narrative is itself a defense. The absence is a problem nothing else solves.

Why the Charge Outlasted the Headline

Most insider-trading cases are remembered for the dollar figure. This one is remembered for the timeline it created. The breach exposed 143 million American consumers. The executive trade made the discovery-to-disclosure window the story — and made every executive trade in any subsequent breach window an immediate public question.

The case also reset how the SEC frames cyber disclosure. The four-business-day rule that now governs material-cyber filings for public companies is not historically traceable to a single case, but the policy conversation that produced it is. Equifax is the scenario the rule was designed to prevent from repeating in the same way.

The Communications Read

The insider trading charge did three things to the reputation file.

It moved the story from a security failure to a governance failure. A breach is a technical event. An executive trade in the discovery window is a leadership event. The latter is harder to recover from because the response — "we have new controls" — does not address the optics of the original moment.

It compressed the trust horizon. Boards that had operated on the assumption that securities-compliance processes were sufficient learned that compliance is necessary and not sufficient. The communications standard is higher than the legal standard.

It created the modern breach-window playbook. The first ninety-six hours of any material cyber incident are now run against a checklist the case made standard — close trading windows, log the close, identify the disclosure clock, prepare the executive accountability narrative, and assume any internal financial activity in the window will surface. Recovery work — years of it — does not undo the optics of the original ninety-six hours.

The charge is closed. The doctrine is permanent. Every breach-response brief now opens on the same page.