Following the Equifax data breach and the Meltdown/Spectre scandals, the U.S. Security and Exchanges Commission (SEC) issued a warning reminding executives that trading stock during such incidents classifies as insider trading and is punishable by law. In both of those incidents the CEOs and other executives sold stock after learning about the security issues, but before the problems were publicly revealed.
The SEC issued new guidance to clarify that company executives are not allowed to trade on insider information, such as knowing that their company suffered a data breach, until the information is made public.
The commission added that these are not new rules; they've been in place for a while. However, after several Equifax and Intel stock sales during the internal investigation of their respective security issues, the SEC thought it should issue a reminder:
Directors, officers, and other corporate insiders must not trade a public company's securities while in possession of material nonpublic information, which may include knowledge regarding a significant cybersecurity incident experienced by the company.
Equifax Data Breach
Equifax experienced one of the most devastating data breaches in U.S. history, as the personal information of over 145 million Americans was exposed. Meanwhile, several executives, including the Equifax CEO at that time, Richard Smith, sold stock worth over $1.8 million after learning of the data breach and before making the information public.
However, despite the SEC issuing the new guidance and clarifying that this was illegal, it previously declined to investigate the Equifax executives for insider trading. The executives are still under criminal investigation by the Justice Department.
Although Intel said that its CEO’s stock sale was “planned” for last fall, it turned out that Krzanich planned the sale only after learning about the Meltdown and Spectre vulnerabilities from Google. Again, this should not be allowed, according to the SEC’s new guidance, but for now it’s not clear if the agency is pursuing an investigation against Krzanich.
Either way, other companies were put on notice if they allow their executives to sell stock during internal security incident investigations, but how well the companies respect this new guidance may depend on how willing the SEC is to enforce its own rules when companies break them.