Did Intel’s CEO try to profit off a massive security breach before other investors could find out about it? The Wall Street Journal highlights trades made by Brian Krzanich in November, months after the world’s most storied microprocessor producer found out about flaws in their designs, as well as in the products of rivals. Krzanich may have made $25 million by getting out ahead of the story:

The sale of Intel Corp. INTC +0.18% stock by Chief Executive Brian Krzanich while the company was handling concerns about security flaws in its chips was a highly unusual move that risked attracting regulatory scrutiny, according to lawyers and analysts who follow executive stock sales.

The trade took place on Nov. 29, nearly six months after Intel was informed about the vulnerabilities, which could enable hackers to access user data in chips made by Intel and others. Mr. Krzanich sold shares and exercised stock options worth a total of $39 million, netting him nearly $25 million, according to regulatory filings made at the time.

 

Sound familiar? It should; Equifax executives have come under scrutiny for a similar set of circumstances, selling off significant amounts of stock after a massive hack exposed financial data from tens of millions of consumers. Equifax insists that the three executives knew nothing of the hack when they made the sale. Nevertheless, all three executives involved have left the firm, and the CEO got the boot after the Department of Justice began taking a look at the hack and the stock sales. (It didn’t prevent Equifax from landing a fat, no-bid government contract, however.)

It will be tough for Krzanich to claim he had no knowledge of the flaws at the time of the sale. Google discovered the issues last spring and had notified the manufacturers by June 1st. The flaws — known as “Meltdown” and “Spectre” — are apparently so basic that software updates won’t fully address the risk. It might make every single computing device on the market obsolete, a crisis that absolutely would have risen to CEO level:

On June 1 last year, a member of Google’s Project Zero security team notified Intel and other chip makers of the vulnerabilities. Even with the lead time, Intel and others are still trying to plug the security gaps. One issue is getting security updates to billions of devices. Another is that some security patches could slow performance, as the flaws affect chip features designed to speed up processors. …

Intel said it expects by the end of next week to have issued software updates for more than 90% of processors introduced in the past five years.

Other vendors already have issued patches. Apple said in addition to its mobile devices and computers, its Apple TVs were affected, though not the Apple Watch. It also said a fix for the company’s Safari web browser to defend against the Spectre flaw was expected in the coming days.

Apple said its fixes didn’t result in any performance slowdowns. Google said Thursday it developed a patch with “negligible impact on performance.” Intel said any performance degradations would be minimal for average users and diminish over time, adding that it plans redesigned chips within a year. The company said it didn’t anticipate any financial impact from the security issue.

So when did Krzanich structure his trades on his Intel stock options? October 30th, almost five months after Intel was advised of the flaw but two full months before the flaw became public knowledge. Not only is the timing suspicious, the size of the trade raises red flags too:

Mr. Krzanich’s trade stands out because it deviated from the CEO’s previous pattern of incremental sales of Intel stock, according to Ben Silverman, a researcher at InsiderScore LLC, a clearinghouse for information about trades made by corporate and institutional insiders. In addition to exercising more than $28 million in options, the CEO sold nearly 50% of his unrestricted stock, reducing his unrestricted holding to 250,000 shares, the minimum set by Intel’s executive stock ownership guidelines according to the company’s most recent proxy statement. That was an unusual move by a CEO, Mr. Silverman said.

“It’s not just that he sold stock knowing about the security issue,” he said. “The size and selling behavior were unusual. Put those two elements together, and certainly on the surface it doesn’t look good.”

On the other hand, Intel stock rose sharply in late October too, making a sale of options a lot more attractive even without insider knowledge on a disaster. Also, the Meltdown-Spectre exploit doesn’t appear to be hitting Intel’s stock too hard; it’s dropped about 4% over the last week, much smaller than the 28% increase between June 1 and Krzanich’s sale on November 1. However, Krzanich wouldn’t necessarily have known that the story would have just a limited impact on Intel value, either.

The SEC and DoJ will need to get to the bottom of this, and it seems likely that investor groups will demand such an investigation. Krzanich might want to touch base with Equifax’s former execs to see if they have any room on their squash schedules.