Cybersecurity

FDIC believes it was breached more than 50 times in 2015 and 2016

The Federal Deposit Insurance Corporation believes it was breached more than 50 times in 2015 and 2016, according to an FDIC inspector general's report identifying flaws in the agency's response to the breaches. 

The FDIC regulates banks and insures accounts, guaranteeing that deposits up to $250,000 will be paid if an approved institution fails.

According to the report, dated September, there were 54 suspected or confirmed breaches between January 2015 and December 2016. The inspector general investigated the response in 18 of the 54 cases. 

The report concludes that the FDIC did not investigate breaches, notify victims in a timely manner, or adequately document decisions or quantify breach damages. 

In the five investigated breaches that put personal information at risk, victims were only notified months after the fact. In four out of five cases, it took more than six months. In the fifth, it took nearly five months. Between the five attacks, information on nearly 125,000 individuals was put at risk. 

The report notes that the FDIC lacked an incident response coordinator to take charge of such incidents. Since December 2016, the agency has listed a job posting for the role and is currently considering candidates. 

The report also said that information security managers appeared to be undertrained. In a July 2015 report, "66 percent of ISMs surveyed rated their skill level in the role of incident response as intermediate or less than intermediate," which is beneath the level managers are expected to perform.

Outbrain
View desktop version