FDIC Hit By ‘Inadvertent’ Major Data Breach

The Federal Deposit Insurance Corp. has become the latest federal system impacted by a major data breach.

In an internal FDIC document obtained by The Washington Post, it was revealed that the data of 44,000 FDIC customers was breached by an employee who left the agency in February.

The memo was distributed on March 18 by FDIC Chief Information Officer and Chief Privacy Officer Lawrence Gross Jr. and explains that the customer data was “inadvertently and without malicious intent” downloaded to a personal storage device.

While the agency confirmed the former employee had legitimate access to the data it still does not explain how the individual was able to walk away with supposedly secure information without realizing.

The FDIC said its investigation into the breach found that none of the information has been disseminated or compromised, but it still did not disclose exactly what customer data was accessed, The Washington Post reported.

With the help of technology used to monitor downloads to removable devices, FDIC was able to detect the breach days after the employee left FDIC on February 26. The device was promptly returned and the memo stated that the agency’s relationship with the former employee was not adversarial.

According to Barbara Hagenbaugh, a FDIC spokeswoman, the agency has since blocked the use of portable storage devices for many of its employees. She also confirmed that the former employee signed an affidavit swearing that the stolen data was not used in anyway.

Rep. Lamar Smith, chairman of the House Science, Space and Technology Committee, wrote a letter to FDIC last week requesting more information about the most recent breach and any other security breaches the agency has experienced since 2009, The Washington Post said.

In his letter, Smith called the breach “troubling,” adding that “the potential for a breach is especially heightened when sensitive information for over 44,000 individuals is stored without proper security measures.”