Bad Lawyers

Equifax Top Lawyer Investigated in Share Sales
Download PDF
1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)


Summary: The top lawyer at Equifax is being investigated for his role in the share sales by some of the company’s top executives.

The top Equifax lawyer is being investigated for his role in share sales by executives upon the news of their massive data breach. The Australian reports that the Board of Equifax is currently reviewing the lawyer’s actions as they try to determine who knew what about the hack and when it happened to better understand how those that learned of the hack handled that discovery.


Chief Legal Officer John J. Kelley had the top power in approving share sales by top executives days after the credit reporting company realized they had been hacked in late July. He is also responsible for security at the company.

There are three congressional hearings scheduled for this week where the former chief executive, Richard Smith, will testify and a focus on the company’s security approach and share sales will be included. Smith stepped aside last week as chairman and chief executive. In his resignation, Smith said it was in “the best interests of the company” and that the security breach was the “most humbling moment” in the company’s 118-year history.

The security breach at Equifax is under intense scrutiny after it was learned the hackers gained access through a publicly identified software vulnerability, which Equifax has since fixed. Four cyber risk analysis companies pointed out the weaknesses months before the attack when they analyzed publicly available information on their security systems. The cyber companies found that Equifax was behind on basic maintenance of their websites. An Equifax spokeswoman previously said the company took security measures seriously.

Get JD Journal in Your Mail

Subscribe to our FREE daily news alerts and get the latest updates on the most happening events in the legal, business, and celebrity world. You also get your daily dose of humor and entertainment!!

Kelley’s position differed from peers at rival credit reporting companies. He had a broad range of responsibilities exceeding legal services. He is one of the senior executives in charge of security. Sources indicate that former chief security officer Susan Mauldin used to report to Kelley. Along with the chief information officer, Mauldin retired just a week after the breach was disclosed last month. Kelley participated in the hiring of Mauldin, serving as her main contact with senior leadership.

Equifax explains that Kelley was put in charge of cybersecurity, instead of another executive, because he could provide an unbiased opinion when choosing to allocate money to IT and cybersecurity. His predecessor also oversaw security. As well as serving as the chief legal officer in charge of cybersecurity, he was in charge of government and legislative relations and corporate governance and privacy functions.

The actions by executives in question happened on August 1 and 2 when three of them sold shares. On August 3, the sales were reported by a deputy of Kelley to the Securities and Exchange Commission. Equifax claims the executives, including finance Chief John Gamble, were unaware of the hack when they sold their shares. The sales made them almost $1.8 million.

Equifax is conducting their own review but the executives were not involved in any meetings about the breach and the sales were made during a period when they were allowed to. The bigger concern is on Kelley and when he learned of the security breach. Equifax and their security staff apparently learned on July 29 of what had happened.

For the share sales, the company’s earnings report was posted on July 26. Their rules do not allow executives from trading immediately after an earnings report. The first day they would have been allowed to trade was July 28 or July 31.

Equifax’s outside counsel hired Mandiant, a cyber investigations division of FireEye, on August 2. Kelley should have been involved in that decision.

Kelley joined Equifax in 2013 from the law firm King & Spalding, where he had worked for 27 years. He graduated from the University of Virginia School of Law before joining King & Spalding, where he became a senior partner advising clients on SEC reporting and disclosure requirements. The law firm had worked with Equifax for several years, although Kelley was not one of the lawyers working with Equifax.

Do you think Kelley was aware of the breach when he approved the share sales? Share your thoughts with us in the comments below.

To learn more about cyber hacks, read these articles:



Interesting Legal Sites You May Like




Search Now

Senior Level Litigator

USA-CA-Woodland Hills

Woodland Hills office is seeking a litigation attorney with 5-7 years of experience and a background...

Apply Now

Litigation Associate Attorney


Stamford office of our client seeks litigation associate attorney with 3+ years of experience. The c...

Apply Now

Litigation Associate Attorney

USA-MO-Saint Louis

Saint Louis office of our client seeks litigation associate attorney with 2-5 years of experience. T...

Apply Now

Junior Litigator/Associate Attorney


Washington, D.C. office of our client seeks junior litigator/associate attorney with 2-4 years of tr...

Apply Now



USA-TX-Corpus Christi

Must be able to manage multiple tasks and meet deadlines; develop and maintain professional working ...

Apply now



Mauro Lilling Naparty LLP is New York’s larges appellate litigation law firm based in Woodbury...

Apply now

Commercial Real Estate / Corporate Transactional Attorney


Rogin Nassau LLC, a midsized Hartford area law firm has two exciting job opportunities, seeking both...

Apply now


USA-NV-Las Vegas

Prestigious Personal Injury Law Firm seeks an outstanding Attorney. Must be a Nevada licensed Att...

Apply now


To Top