US Banking Regulator Suffers A Major Breach of Confidential Data
A former supervisor working for the US Office of the Comptroller of the Currency downloaded confidential information on portable computer storage devices that haven’t yet been recovered, the agency said recently in a statement.
Before retirement, the employee downloaded “more than 10,000 records” about the regulator’s activities and some personal information about staff members, the OCC said. The November 2015 breach by the unidentified supervisor was discovered last month in a review of agency security matters, and the former employee was unable to find and turn over the devices.
“There is no evidence to suggest that any non-public OCC information, including any personally identifiable information or controlled unclassified information has been disclosed to any member of the public or misused in any way,” according to the OCC statement.
The information downloaded was encrypted to make it difficult to access by outsiders. Though the agency has no evidence that the employee shared the data with anyone, the OCC determined it qualified as a “major incident” that required it to be reported to Congress and other federal officials.
Since the incident, the OCC said it adopted policies in August that prevent such information to be downloaded to personal devices known as thumb drives. The agency is still conducting a review for any similar downloads, it said.
Similar employee-involved data breaches have drawn recent attention to another banking agency, the Federal Deposit Insurance Corp. Employees there have also departed with sensitive information on the same kinds of portable devices.