Three Equifax executives sold almost $1.8 million worth of stock in the company shortly after the company discovered a security breach that could affect about 143 million U.S. consumers and an unspecified number of Canadian and U.K. customers, Bloomberg reports . The trades weren’t part of a scheduled trading plan.

The breach was discovered July 29 and believed to have started in mid-May, Equifax has said, but it hasn’t said why it waited until today to tell the public. Securities litigation firm Block & Leviton said Thursday it’s looking into the company’s “disclosures and corporate policies regarding cybersecurity” and whether it breached duties to shareholders. The company’s shares fell over 6% to around $125 in after-hours trading.

The breach was reportedly discovered three days after Equifax’s last earnings report. Three days later, according to regulatory filings, chief financial officer John Gamble sold shares worth $946,374 and Joseph Loughran, president of U.S. information solutions, exercised options to dispose of stock worth $584,099. On Aug. 2, Rodolfo Ploder, president of workforce solutions, sold $250,458 of stock.

By way of comparison, on early Tue, May 23, Gamble also sold 14,000 stocks of the company’s shares, amounting to $1,910,160.00, leaving him with an ownership of 48,578 company stock worth at roughly $6,627,982.32, according to SEC filings. Executives own about 1.3% of the firm’s stock.

While Equifax has offered those affected a year of credit monitoring and identity theft protection, the credit reporting company has already come under criticism for not sufficiently training its call center workers to handle calls relating to the breach and for asking customers to give up more personal data to find out if they were affected by the hack.

Don’t feel better only giving Equifax the last 6 of your SSN. IP reveals where you live. First 3 of SSN assigned by birth state = guessable. pic.twitter.com/DUD1wjLvpN — Tony Webster (@webster) September 7, 2017

“Today’s a humbling experience for all of us,” CEO Rick Smith said in a video about the breach, which is still not the largest: In the past year, Yahoo has disclosed that over 1.5 billion user accounts had been hacked in attacks in 2013 and 2014. “While we’ve made significant investments in cybersecurity, we have more to do, and we will.”