Bank regulator reports five 'major' data breach incidents

The Federal Deposit Insurance Corporation (FDIC) on Monday reported to Congress five “major incidents” of data breaches involving taxpayers' personally identifiable information, The Washington Post reports.

Each case involves employees with authorized access to the data who inadvertently downloaded the information with personal files when they left the agency, according to the Post. The individuals involved signed affidavits affirming that the information was not shared, and the FDIC considers them low-risk cases.

But each case meets the 10,000-record threshold that defines a “major incident,” according to an FDIC Office of Inspector General decision in February.

The reporting follows an incident revealed in April in which a departing employee accidentally breached the data of roughly 44,000 FDIC customers.

According to an agency memo, the employee downloaded the information to a personal storage device “inadvertently and without malicious intent.”

“The FDIC’s investigation does not indicate that any sensitive information has been disseminated or compromised,” said the memo, obtained by the Post.

The FDIC — which provides deposit insurance to banks to help ensure financial system stability — did not say what information was leaked. The memo did indicate the former employee had access to the server “for bank resolution and receivership purposes.”

Employees are often the route by which hackers gain access to or infiltrate government networks. Digital intruders frequently trick workers into revealing information that can be used to gain privileged access to a system. Other times, hackers will simply steal these credentials.

It’s believed the suspected Chinese hackers behind the massive breaches at the Office of Personnel Management got in after lifting login credentials off a contract worker who was logged into the OPM networks.

The agency will be launching a “new initiative to enhance cybersecurity,” including using software “to force encryption of portable devices” and hiring a contractor to conduct an IT security assessment and provide recommendations.

The banking regulator will also implement a management software program to locate misplaced information and “recall it, and destroy it as appropriate, regardless of where the data are located.”

The breaches have raised the concerns of lawmakers on Capitol Hill. The Committee on Science, Space, and Technology’s oversight subcommittee on Thursday will examine data security at the agency.

“The potential for a breach is especially heightened when sensitive information for over 44,000 individuals is stored without proper security measures,” committee Chairman Lamar Smith (R-Texas) said when the original breach was uncovered in April.