[BreachExchange] U.S. Bank Regulator Notifies Congress of Major Data Security Breach

Audrey McNeil audrey at riskbasedsecurity.com
Fri Oct 28 17:26:15 EDT 2016


http://www.wsj.com/articles/u-s-bank-regulator-notifies-congress-of-major-data-security-breach-1477684445

A U.S. bank regulator on Friday disclosed a data breach involving a former
agency employee’s unauthorized removal of more than 10,000 records.

The cybersecurity breach was first detected by the Office of the
Comptroller of the Currency in September while the agency was undertaking a
retrospective two-year review of employees downloading information in an
effort to help minimize cyberthreats.

The breach, flagged to Congress and three other government agencies
including the Department of Homeland Security, occurred in November 2015
when a former employee downloaded a large number of files onto two thumb
drives before retiring from the agency. The OCC said data on the thumb
drives were encrypted.

The agency said that once it discovered the data breach, it immediately
referred the case to the Treasury Department’s Inspector General’s office.
The IG review concluded it was a “major incident,” involving more than
10,000 records and potentially exposing personal information. The OCC
didn’t specify what types of records were downloaded, nor did it say whose
personal information might have been taken.

Government agencies are required to notify Congress of all “major
incidents.”

There is no evidence that data taken by the employee were “disclosed” or
“misused” in anyway, the agency said. The OCC said the data breach hasn’t
“adversely affected” the agency’s internal operations.

The former employee wasn’t identified by the agency.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20161028/573092fd/attachment.html>


More information about the BreachExchange mailing list