Cybersecurity

FDIC suffers ‘inadvertent’ data breach

Data on roughly 44,000 Federal Deposit Insurance Corporation customers was recently breached accidentally by a departing employee, The Washington Post reports.  

According to an agency memo, the employee downloaded the information to a personal storage device “inadvertently and without malicious intent.”

{mosads}“The FDIC’s investigation does not indicate that any sensitive information has been disseminated or compromised,” said the memo, obtained by the Post.

An agency spokesperson said the employee has also signed an affidavit claiming the breached information was not used.

The FDIC — which provides deposit insurance to banks to help ensure financial system stability — did not say what information was leaked. The memo did indicate the former employee had access to the server “for bank resolution and receivership purposes.”

The situation is just the latest example of how easily government data can be leaked and how tenuous federal cyber defenses are.

Employees are often how hackers obtain or infiltrate government networks. Digital intruders frequently trick workers into revealing information that can be used to gain privileged access to a system. Other times, hackers will simply steal these credentials.

It’s believed the suspected Chinese behind the massive breaches at the Office of Personnel Management got in after lifting login credentials off a contract worker who was logged into the OPM networks.

That intrusion led to over 20 million people’s personal data being stolen.

Rep. Lamar Smith (R-Texas), who chairs the House Science, Space and Technology Committee, sent the FDIC a letter on Friday asking for more details on the breach, which he called “troubling.

“The potential for a breach is especially heightened when sensitive information for over 44,000 individuals is stored without proper security measures,” Smith said.