WASHINGTON (Reuters) - Equifax Inc told the U.S. House of Representatives in a letter made public on Friday that its board of directors has formed a special committee to review stock sales by company executives made weeks before the credit-reporting service disclosed a massive data breach.

Three senior executives including the company’s chief financial officer sold $1.8 million in shares within three days of the company learning on July 29 that hackers had breached personal data for up to 143 million Americans.

Equifax announced the breach publicly on Sept. 7. The disclosure sparked public outcry, government investigations, a sharp drop in the company’s share price and a management shake-up.

Equifax lawyer Theodore Hester said in a letter dated Thursday to members of Congress announcing the review that the company “takes these matters seriously” and has retained lawyers.

In response to questions about whether the stock sales violated insider trading laws, Equifax has said the executives did not know about the breach when making their sales, which were not prearranged.

The company said in a statement the board has retained law firm WilmerHale to conduct a review of the hacking incident and the company’s response “as well as a review of the circumstances surrounding the trading by certain of the company’s executives.”According to regulatory filings, CFO John Gamble Jr sold shares on Aug. 1 for $946,000, while Joseph Loughran III, president of U.S. Information Solutions, sold $584,000 in stock on the same day. Rodolfo Ploder, president of Equifax’s Workforce Solutions business, sold $250,000 worth of stock on Aug. 2.

Equifax stock was down 28 cents at $106.10 on Friday, a decline of more than 25 percent since early September.

The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice.

Earlier this week, the Atlanta-based company said Chief Executive Richard Smith would leave and forgo this year’s bonus.

Congressional committees plan hearings next week with Smith.

Equifax said in a regulatory filing that it might claw back some of Smith’s compensation for this year, depending on results of the board’s investigation into the breach, which the company has said occurred between mid-May and July.

The breach also prompted the departures of Equifax’s chief information officer and chief security officer.

The hack, among the largest ever recorded, was especially alarming due to the richness of the information exposed, which included names, birthdays, addresses and Social Security and driver’s license numbers, cyber researchers said.