Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Matt Levine has already stated that this won't result in a new rule; that there is nothing new here and everything falls under rule #1: "don't insider trade"


He also said this (which, scanning through this thread, appears to be a rare voice of reason):

> Also, though, I found it hard to imagine that those Equifax executives were consciously insider trading. It would just be too dumb. Equifax's press release reporting the breach says that it "discovered the unauthorized access on July 29 of this year and acted immediately to stop the intrusion," though it didn't announce it until yesterday because it was still investigating. The three executives filed Form 4s reporting sales on Aug. 1 and 2, days after the discovery. You could just about imagine them learning of the security breach, panicking, and selling everything -- except that they didn't sell everything. One sold about 4 percent of his stock holdings, another about 9 percent, another about 13 percent. Why do such comically obvious insider trading if you're only selling a small percentage of your stock? And indeed the company explained that these executives "had no knowledge that an intrusion had occurred at the time." I guess the time between "tech person discovers a security breach" and "top executives discover it's a huge embarrassing crisis" is more than a couple of days.


> I guess the time between "tech person discovers a security breach" and "top executives discover it's a huge embarrassing crisis" is more than a couple of days.

That's exactly right. I can imagine the gradual motion up the chain of command, with the progress actually slowing down as the size of the breach and potential exposure becomes more and more apparent, and each level trying to minimize the damage. I'd have hated to be the guy that had to tell the CEO...


Silicon Valley did it best, and it's funny because it's true: https://www.youtube.com/watch?v=ddTbNKWw7Zs


C-levels aren't notified of anything until there are concrete details to share. They don't want to be notified of every port scan or bruteforce attempt, nor do they want to deal with the scope of a confirmed breach changing on a daily basis ("yesterday you told me only N consumers were compromised, now you're telling me it's worse?!")-- a bad situation that gets reported as worse and worse every day is great for Fox News, but bad for shareholder confidence.

It's better for them that they don't know anything until they know everything.

"The guy that had to tell the CEO" (actually woman) was one of the two parties who resigned the other day.


Depends on the industry. Companies in certain highly-regulated industries are required to escalate even a minor breach of security ("We think something could possibly have happened, but there' no evidence anything did.") to C-level ASAP. One place I worked, if a breach was discovered by a janitor should make it to the C's within 24 hours or everyone in-between would be reprimanded, if not sacked.

But that was a very specific (and again, regulated) industry.


Owen Davis of Dealbreaker is skeptical:

When did the company learn of this incident? "We learned of the incident on July 29, 2017, and acted immediately to stop the intrusion and conduct a forensic review."

The trades in question took place between three and four days later. During this time, Equifax would have us believe, these three senior managers were kept in the dark about the fact that hackers had undertaken what may be the largest-ever private security breach right under their noses. Moreover, we’re to understand that even the chief financial officer remained unaware as the company “acted immediately” to right the ship.

http://dealbreaker.com/2017/09/equifaxs-execs-explaining-to-...


> Why do such comically obvious insider trading if you're only selling a small percentage of your stock?

Because then it makes it look innocuous and fools those who would scrutinize the behavior, like it did may have for anyone expressing the above opinion. It would be so blindingly damning to sell-off all of one's holdings, but selling off a small portion could allow for partial benefit of your asset at peak value before it declines.

If it were me, I'd do it exactly this way. I'd be trying to find the perfect intersection of mitigating the upcoming asset value decline and maximizing perceived innocuousness. Selling everything? That'd be a sucker's move.


The point is you're still going to be investigated, and it's not going to be fun, and probably not going to be worth the relative small gain you'll make even on the off chance you manage to get away with it. [That said, if it's me, I'm making a point of disclosing all future stock sales well in advance just to make sure this kind of thing can't come back to bite me.]


But they've spent their careers building up layers of untouchable-it is, and assuming since nothings bitten them before, they can do what they want... what's a minor investigation when you can grab a few mil? And get the probes quashed by just mentioning in a closed hearing how many SEC officials and congresspeople were involved in the breach, or maybe they weren't? Hard to figure out when I'm spending so much time in these hearings...

(I hate myself for having written that but ugh Too damn much tit-for-tat.)


This assumes none of them traded in the options market. An open question is who made the highly irregular $4.2M trade with such foresight.


It is indeed a puzzle, but not yet an exoneration.


Where is his list of rules? Sounds like a fun read but can't find anything on Google.


Here's the most recent run-down with links to where the Laws are established: https://www.bloomberg.com/view/articles/2017-07-13/main-stre...


Anyone got a link?


> I think we are up to the Seventh Law of Insider Trading. The first six are: (1) don't do it, (2) don't do it by buying short-dated out-of-the-money call options on undisclosed merger targets, (3) don't text or email about it, (4) don't do it in your mother's account, (5) don't do it by planting bombs at a company and shorting its stock, and (6) don't do it while employed at the Securities and Exchange Commission. I hereby declare the Seventh Law: (7) If you are going to insider trade, don't Google "how to insider trade without getting caught" before or after you trade.

https://www.bloomberg.com/view/articles/2017-07-13/main-stre...




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: