US Banking Regulator Suffers A Major Breach of Confidential Data

Uploaded on 2016-11-02 in NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-Financial

A former supervisor working for the US Office of the Comptroller of the Currency downloaded confidential information on portable computer storage devices that haven’t yet been recovered, the agency said recently in a statement.

Before retirement, the employee downloaded “more than 10,000 records” about the regulator’s activities and some personal information about staff members, the OCC said. The November 2015 breach by the unidentified supervisor was discovered last month in a review of agency security matters, and the former employee was unable to find and turn over the devices.

“There is no evidence to suggest that any non-public OCC information, including any personally identifiable information or controlled unclassified information has been disclosed to any member of the public or misused in any way,” according to the OCC statement.

The information downloaded was encrypted to make it difficult to access by outsiders. Though the agency has no evidence that the employee shared the data with anyone, the OCC determined it qualified as a “major incident” that required it to be reported to Congress and other federal officials.

Since the incident, the OCC said it adopted policies in August that prevent such information to be downloaded to personal devices known as thumb drives. The agency is still conducting a review for any similar downloads, it said.

Similar employee-involved data breaches have drawn recent attention to another banking agency, the Federal Deposit Insurance Corp. Employees there have also departed with sensitive information on the same kinds of portable devices.

Information Management

 

« More Insecure Email: Clinton Camp Blasts FBI Director
No Need To Shoot Down Drones – Just Hijack Them »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

EfficientIP

EfficientIP

EfficientIP helps organizations drive business efficiency through agile, secure and reliable network infrastructures.

Global Learning Systems (GLS)

Global Learning Systems (GLS)

Global Learning Systems provides security awareness and compliance training programs for employees that effectively promote behavior change and protect your organization.

Competence Center for Applied Security Technology (CAST)

Competence Center for Applied Security Technology (CAST)

CAST offers a range of services in the field of secure modern information technology and a contact point for all questions regarding IT security.

Mixed Mode

Mixed Mode

Mixed Mode is a specialist in embedded and software engineering for applications including IoT and secure embedded systems.

Genius Guard

Genius Guard

Genius Guard specializes in DDoS Protection, DDoS Protected Webhosting, HYIP Hosting, Bitcoin Hosting, Cryptocurrency Hosting.

HB-Technologies

HB-Technologies

HB-Technologies is pioneer in Africa, in digital security, embedded electronic and IT solutions based on highly secure smart cards that comply with international standards and norms.

FDD Center on Cyber and Technology Innovation (CCTI)

FDD Center on Cyber and Technology Innovation (CCTI)

The Foundation for Defense of Democracies is a nonprofit research institute focusing on foreign policy and national security. Ares of focus include cyber security and technology innovation.

Byos

Byos

Byos provides visibility of devices across all networks, regardless of location, integrating with your existing security stack.

QAlified

QAlified

QAlified offer independent testing and quality assurance services for software projects including security testing.

CSIOS Corp.

CSIOS Corp.

At CSIOS we help our customers achieve and sustain information and cyberspace superiority through a full range of defensive and offensive cyberspace operations and cybersecurity consulting services.

SubCom

SubCom

How Much Do You Trust Your Endpoint? With our ‘Habituation Neural Fabric’ based endpoint security platform, you can observe and manage the Trust Score of your endpoints in real-time.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.

Skyhigh Security

Skyhigh Security

Skyhigh Security enables your remote workforce while addressing your cloud, web, data, and network security needs.

Reken

Reken

Reken are building a new type of AI platform and products to protect against generative AI threats.

AppSOC

AppSOC

AppSOC is a leader in Application Security Posture Management (ASPM) and Code-to-Cloud Vulnerability Management.

Custocy

Custocy

Custocy is a unique collaborative AI technology that identifies sophisticated and unknown (zero-day) attacks.