Already done.[1] Literally took me 10x longer to log into HN to comment than it took me to verify my vague memory of this event.
In addition to the SEC litigation into the executives, Equifax did a company-wide investigation and found that one of the developers for that breach notification website (the one that provided tons of false positive and false negatives and was spoofed by a security researcher) traded using his SO's equities trading account before the breach was revealed. The company found him and he has also been prosecuted[2].
From a tech perspective I feel like issues like this should have a public canonical ID. That would help regulators and reporters alike deliver information in a more clear, cost effective and accountable manner, disambiguation by default. Interested and affected parties could subscribe to updates on that key across the web.
In addition to the SEC litigation into the executives, Equifax did a company-wide investigation and found that one of the developers for that breach notification website (the one that provided tons of false positive and false negatives and was spoofed by a security researcher) traded using his SO's equities trading account before the breach was revealed. The company found him and he has also been prosecuted[2].
[1] https://www.sec.gov/news/press-release/2018-115
[2] https://www.zdnet.com/article/equifax-engineer-who-designed-...