Bad Lawyers

Equifax Top Lawyer Investigated in Share Sales
Download PDF
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)


Summary: The top lawyer at Equifax is being investigated for his role in the share sales by some of the company’s top executives.

The top Equifax lawyer is being investigated for his role in share sales by executives upon the news of their massive data breach. The Australian reports that the Board of Equifax is currently reviewing the lawyer’s actions as they try to determine who knew what about the hack and when it happened to better understand how those that learned of the hack handled that discovery.


Chief Legal Officer John J. Kelley had the top power in approving share sales by top executives days after the credit reporting company realized they had been hacked in late July. He is also responsible for security at the company.

There are three congressional hearings scheduled for this week where the former chief executive, Richard Smith, will testify and a focus on the company’s security approach and share sales will be included. Smith stepped aside last week as chairman and chief executive. In his resignation, Smith said it was in “the best interests of the company” and that the security breach was the “most humbling moment” in the company’s 118-year history.

The security breach at Equifax is under intense scrutiny after it was learned the hackers gained access through a publicly identified software vulnerability, which Equifax has since fixed. Four cyber risk analysis companies pointed out the weaknesses months before the attack when they analyzed publicly available information on their security systems. The cyber companies found that Equifax was behind on basic maintenance of their websites. An Equifax spokeswoman previously said the company took security measures seriously.

Get JD Journal in Your Mail

Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!

Kelley’s position differed from peers at rival credit reporting companies. He had a broad range of responsibilities exceeding legal services. He is one of the senior executives in charge of security. Sources indicate that former chief security officer Susan Mauldin used to report to Kelley. Along with the chief information officer, Mauldin retired just a week after the breach was disclosed last month. Kelley participated in the hiring of Mauldin, serving as her main contact with senior leadership.

Equifax explains that Kelley was put in charge of cybersecurity, instead of another executive, because he could provide an unbiased opinion when choosing to allocate money to IT and cybersecurity. His predecessor also oversaw security. As well as serving as the chief legal officer in charge of cybersecurity, he was in charge of government and legislative relations and corporate governance and privacy functions.

The actions by executives in question happened on August 1 and 2 when three of them sold shares. On August 3, the sales were reported by a deputy of Kelley to the Securities and Exchange Commission. Equifax claims the executives, including finance Chief John Gamble, were unaware of the hack when they sold their shares. The sales made them almost $1.8 million.

Equifax is conducting their own review but the executives were not involved in any meetings about the breach and the sales were made during a period when they were allowed to. The bigger concern is on Kelley and when he learned of the security breach. Equifax and their security staff apparently learned on July 29 of what had happened.

For the share sales, the company’s earnings report was posted on July 26. Their rules do not allow executives from trading immediately after an earnings report. The first day they would have been allowed to trade was July 28 or July 31.

Equifax’s outside counsel hired Mandiant, a cyber investigations division of FireEye, on August 2. Kelley should have been involved in that decision.

Kelley joined Equifax in 2013 from the law firm King & Spalding, where he had worked for 27 years. He graduated from the University of Virginia School of Law before joining King & Spalding, where he became a senior partner advising clients on SEC reporting and disclosure requirements. The law firm had worked with Equifax for several years, although Kelley was not one of the lawyers working with Equifax.

Do you think Kelley was aware of the breach when he approved the share sales? Share your thoughts with us in the comments below.

To learn more about cyber hacks, read these articles:





USA-CA-San Ramon

Currently looking for an experienced Paralegal to fill an opening with a family law firm located in ...

Apply now

Litigation Attorney

USA-CA-Los Angeles

Small boutique trial law firm seeks attorney with extensive law and motion and courtroom experience....

Apply now

Bilingual Paralegal


Small personal injury law firm in Rockville seeking bilingual (Spanish) person for a full-time, on-s...

Apply now

Post-Conviction Resource Attorney

USA-CA-Los Angeles

POSITION: Post-Conviction Resource Attorney LOCATION: Hybrid work model; required travel to on-si...

Apply now




Search Now

Venture Capital Attorney

USA-CA-San Diego

San Diego office of a BCG Attorney Search Top Ranked Law Firm seeks corporate business attorney with...

Apply Now

Real Estate Attorney

USA-CA-San Diego

San Diego office of a BCG Attorney Search Top Ranked Law Firm seeks transactional real estate attorn...

Apply Now

Experienced Health Care Attorney


Portland office of a BCG Attorney Search Top Ranked Law Firm is seeking health care attorney with 5-...

Apply Now


To Top