U.S. regulator says former employee downloaded data from office
WASHINGTON (Reuters) - A U.S. banking regulator said on Friday it had told Congress about what it called "a major information security incident" after a former employee was found to have downloaded a large number of files onto thumb drives before his retirement.
The Office of the Comptroller of the Currency said in a statement that there was no evidence to suggest that the data in the downloads had been disclosed to the public or misused in any way.
Before he retired in November 2015, the former employee downloaded a large number of files onto two removable thumb drives though the incident was only detected last month during a routine security review, the OCC said in a statement.
When the former employee was contacted, the OCC said, he "was unable to locate or return the thumb drives to the agency."
The stolen data was encrypted, the agency said.
The Office of the Comptroller, along with the Federal Reserve and Federal Deposit Insurance Corporation, is one of the nation's three most influential bank regulators that is tasked with protecting consumers and financial markets.
The OCC has deemed the breach a "major incident" because the devices containing the information are not recoverable and more than 10,000 records were removed, the agency said.
An official familiar with the investigation declined to comment on a possible motive. The official, who was not authorized to discuss the case, noted that a large batch of unclassified personnel records were among the cache.
Shane Shook, an independent cyber crime expert who helps governments and financial institutions respond to breaches, said that he was not particularly concerned about the loss of the data, which OMB regulations require the OCC to report to the public, regardless of impact.
"This happens quite a lot," he said. "The risk would be if the information somehow gets released to unauthorized sources" such as WikeLeaks or another website where stolen data is posted.
He said that in many case employees or consultants who report missing thumb drives with sensitive data on them eventually end up finding them.
Representatives with the Department of Homeland Security and FBI said they had no immediate comment.
A number of high-profile data breaches at the federal level have highlighted the vulnerability of sensitive information.
In recent weeks, the National Security Agency has come under fresh scrutiny after a contractor was accused of having hoarded sensitive information at his home.
(Reporting by Eric Walsh; Editing by Eric Beech and Lisa Shumaker)
Serious News for Serious Traders! Try StreetInsider.com Premium Free!
You May Also Be Interested In
- Exclusive-EU's proposed sanctions on Russia to target oil tankers, ships moving North Korean equipment
- UBS faces new lawsuit by Appaloosa over Credit Suisse $17 billion bond wipeout
- Klarna to offer payment services on Uber's platform
Create E-mail Alert Related Categories
ReutersRelated Entities
FDICSign up for StreetInsider Free!
Receive full access to all new and archived articles, unlimited portfolio tracking, e-mail alerts, custom newswires and RSS feeds - and more!