US Banking Regulator Suffers A Major Breach of Confidential Data

A former supervisor working for the US Office of the Comptroller of the Currency downloaded confidential information on portable computer storage devices that haven’t yet been recovered, the agency said recently in a statement.

Before retirement, the employee downloaded “more than 10,000 records” about the regulator’s activities and some personal information about staff members, the OCC said. The November 2015 breach by the unidentified supervisor was discovered last month in a review of agency security matters, and the former employee was unable to find and turn over the devices.

“There is no evidence to suggest that any non-public OCC information, including any personally identifiable information or controlled unclassified information has been disclosed to any member of the public or misused in any way,” according to the OCC statement.

The downloaded information was encrypted, making it difficult for outsiders to access. Though the agency has no evidence that the employee shared the data with anyone, the OCC determined that the breach qualified as a “major incident” that had to be reported to Congress and other federal officials.

Since the incident, the OCC said, it adopted policies in August that prevent such information from being downloaded to personal devices known as thumb drives. The agency is still conducting a review for any similar downloads, it said.

Similar employee-involved data breaches have drawn recent attention to another banking agency, the Federal Deposit Insurance Corp. Employees there have also departed with sensitive information on the same kinds of portable devices.
