ABC: Equifax execs sold stock after hack discovered, but before alerting customer

By  | 

NEW YORK (ABC) -- The first class action lawsuit has been filed against the credit reporting company Equifax, claiming the company was negligent after it announced a massive data breach. That hack may have compromised highly sensitive personal information of more than 40-percent of Americans.

The FBI and several states have launched investigations.

Security experts are urging Americans to take the latest data breach seriously, knowing 143 million consumers could be at risk. Equifax said the hack happened between mid-May and July, but not discovered until July 29.

"It's significant because of the sheer size of it and the fact that it occurred at a credit reporting agency," said cyber security expert Adam Levin. "The secret is, you need to know as quickly as possible you have a problem."

Equifax is one of three major companies that tracks everything -- including your payments on credit cards, mortgages, student and car loans, and utilities -- to establish your credit score. The company says hackers had access to names, social security numbers, birth dates, addresses, driver's license numbers, and even credit card numbers for more than 200,000 Americans.

"The problem is that social security numbers are the skeleton key to our identities and when that's stolen, we're in a position where we're going to have to be looking over our shoulders for the rest of our lives," Levin said.

And even if you're not a customer of Equifax, experts warn your information may not be safe because Equifax gets its information from banks, credit card companies, and lenders -- not consumers.

ABC News has also learned three Equifax executives sold stock after the breach was discovered, but before the company alerted the public. The company maintains the executives did not know about the hack at the time.

"I deeply regret this incident and I apologize to every affected consumer and all of our partners," said Equifax CEO Richard F. Smith.

Equifax has set up a website to see if your information has been compromised. But there's a catch -- using that site means you are waiving your right to sue.