Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Multiple data security breaches reported by FDIC

Washington Post: “In yet another example of fragile security in federal cyber systems, data for 44,000 Federal Deposit Insurance Corp. customers were breached by an employee leaving the agency. The breach occurred in February and was outlined in an internal FDIC memorandum obtained by The Washington Post. The March 18 memo from Lawrence Gross Jr., FDIC’s chief information officer and chief privacy officer, to FDIC Chairman Martin J. Gruenberg said the data were downloaded to a personal storage device “inadvertently and without malicious intent.”

Washington Post: “The Federal Deposit Insurance Corp. on Monday retroactively reported to Congress that five additional “major incidents” of data breaches have occurred since Oct. 30. FDIC also is launching “a new initiative to enhance security.”The incidents involved the breach of taxpayers’ personally identifiable information, The Washington Post has learned. In each case, employees with legitimate access to the information were leaving the agency when they inadvertently downloaded the data along with personal files. The individuals involved provided affidavits saying the data was not shared. FDIC considers these to be low-risk cases, but they each meet the threshold of 10,000 records inappropriately exposed. They are being retroactively reported now because the cases were closed before an FDIC Office of Inspector General decision in February to define “major incident” as one that involves at least 10,000 records…”

Federal News Radio: “A leading technology official in the House says a former Federal Deposit Insurance Corporation employee inadvertently triggered a major cyber breach that compromised 44,000 customers’ data. Rep. Lamar Smith (R-Texas), chairman of the Science, Space, and Technology Committee, says a former FDIC employee breached the information of 44,000 FDIC customers more than a month ago. In an April 8 letter obtained by Federal News Radio, Smith said a departing FDIC employee was transferring files from an office computer onto a personal storage device and “inadvertently” copied sensitive customer data from more than 44,000 individuals. The employee left the agency on Feb. 26, but the agency realized the data was taken three days later. FDIC officials retrieved the device on March 1. Smith called the lapse in security “troubling,” and requested a briefing on the situation from FDIC once more information is available…”

Statement of Acting IG Before the Committee on Science, Space, and Technology Subcommittee on Oversight, U.S. House of Representatives on Cybersecurity Incidents at the Federal Deposit Insurance Corporation May 12, 2016.

Sorry, comments are closed for this post.