The Chinese government likely hacked several high-level officials at the Federal Deposit Insurance Corporation (FDIC) as recently as 2013, according to a congressional report released Wednesday.
Advanced persistent threat actors believed to have been the Chinese government compromised 12 agency work stations in 2010, 2011 and 2013, according to an internal FDIC report cited by the House Committee on Science, Space and Technology.
The former chairman, chief of staff and general counsel of the agency were all infiltrated.
The agency’s internal watchdog dinged the FDIC for failing to alert the appropriate authorities, according to the committee’s report, and notified Congress itself.
The banking regulator has recently been in the crosshairs of Congress over its data security practices. The Science Committee, which is holding a hearing this week to evaluate the agency’s response to recent breaches, slammed the FDIC for its cybersecurity posture and for deliberately evading congressional oversight.
The FDIC earlier this year reported to Congress five “major incidents” of data breaches involving taxpayers’ personally identifiable information. A criminal investigation is currently underway.
Each of the cases involves employees with authorized access to the data who inadvertently downloaded information with personal files when they left the agency — not a hacking attempt like the one described in Wednesday’s report.
Lawmakers have sternly rebuked the agency for failing to disclose the breaches until urged to do so by the inspector general.
“The FDIC’s repeated efforts to conceal information from Congress are inexcusable. They raise significant questions about whether the agency actively attempts to hide potentially incriminating information from Congress,” Chairman Lamar Smith (R-Texas) said in May.