In July, major national credit-reporting company Equifax was hit by a cyberattack that exposed personal information of about 143 million U.S. consumers. Three executives at the company sold shares that totaled $1.8 million only a few days after the company learned of the breach.

However, Equifax didn’t reveal details about the breach until September 7. Now the Department of Justice (DOJ) has reportedly opened an investigation to find out if those executives violated insider trading laws.

According to the U.S. Securities and Exchange Commission, “[I]llegal insider trading refers generally to buying or selling a security, in breach of a fiduciary duty or other relationship of trust and confidence, while in possession of material, nonpublic information about the security.”

The website included examples of insider trading cases, one of which is when “[C]orporate officers, directors, and employees who traded the corporation’s securities after learning of significant, confidential corporate developments.”

From Bloomberg earlier this month:

The credit-reporting service said earlier in a statement that it discovered the intrusion on July 29. Regulatory filings show that on Aug. 1, Chief Financial Officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock on Aug. 2. None of the filings lists the transactions as being part of 10b5-1 scheduled trading plans.

The three “sold a small percentage of their Equifax shares,” Ines Gutzmer, a spokeswoman for the Atlanta-based company, said in an emailed statement. They “had no knowledge that an intrusion had occurred at the time.”

The investigation includes the three mentioned above.

Equifax’s shares fell by 13% after news broke about the breach. This morning, Bloomberg reported that shares have now fallen 35%.

Again, the executives, these three men at the very top of Equifax, claim they had no idea the breach occurred when they sold their shares. Filings have shown that the transactions were not “part of pre-scheduled trading plans.”

USA Today reported that “Wyn Hornbuckle, a spokesman for the Department of Justice, referred questions to the office of U.S. [Attorney] John Horn in Atlanta, where Equifax is based.” Horn’s spokesman Bob Page told the publication “that federal prosecutors there are working with the FBI to conduct a criminal investigation of the cyberbreach and resulting theft of personal information.”

Scammers Target Equifax Victims

To make matters worse, scammers have capitalized on this breach and started to target victims of Equifax. The Federal Trade Commission (FTC) has issued a warning about these scams and steps to take to protect yourself. From International Business Times:

First and foremost, the FTC said consumers should never give out personal or financial information on an unsolicited call. If the consumer initiated the call and can verify the person on the other end of the call truly works for who they claim, then it is likely safe. But most companies will not cold call a person and request their information.

Secondly, consumers should not trust their caller ID to protect them. While a number may appear legitimate, it’s possible for scammers to spoof phone numbers so it looks like they are calling from a particular company. This is a prevalent tactic that scammers have adopted in recent years and will likely be put to use in order to make calls appear as though they are from Equifax or other financial resources.

Finally, consumers are advised by the FTC to immediately hang up on any robocall they may receive. Don’t press “1” when prompted, don’t wait to speak to a live operator, don’t even bother following steps to supposedly remove a phone number from the call list. The FTC warns any interaction is only likely to lead to more robocalls.