|
U.S. regulator says former employee
downloaded data from office
Send a link to a friend
 [October 29, 2016]
WASHINGTON (Reuters) - A U.S.
banking regulator said on Friday it had told Congress about what it
called "a major information security incident" after a former employee
was found to have downloaded a large number of files onto thumb drives
before his retirement.
The Office of the Comptroller of the Currency said in a statement that
there was no evidence to suggest that the data in the downloads had been
disclosed to the public or misused in any way.
Before he retired in November 2015, the former employee downloaded a
large number of files onto two removable thumb drives though the
incident was only detected last month during a routine security review,
the OCC said in a statement.
When the former employee was contacted, the OCC said, he "was unable to
locate or return the thumb drives to the agency."
The stolen data was encrypted, the agency said.
The Office of the Comptroller, along with the Federal Reserve and
Federal Deposit Insurance Corporation, is one of the nation's three most
influential bank regulators that is tasked with protecting consumers and
financial markets.
The OCC has deemed the breach a "major incident" because the devices
containing the information are not recoverable and more than 10,000
records were removed, the agency said.
An official familiar with the investigation declined to comment on a
possible motive. The official, who was not authorized to discuss the
case, noted that a large batch of unclassified personnel records were
among the cache.
[to top of second column] |
Shane Shook, an independent cyber crime expert who helps governments
and financial institutions respond to breaches, said that he was not
particularly concerned about the loss of the data, which OMB
regulations require the OCC to report to the public, regardless of
impact.
"This happens quite a lot," he said. "The risk would be if the
information somehow gets released to unauthorized sources" such as
WikeLeaks or another website where stolen data is posted.
He said that in many case employees or consultants who report
missing thumb drives with sensitive data on them eventually end up
finding them.
Representatives with the Department of Homeland Security and FBI
said they had no immediate comment.
A number of high-profile data breaches at the federal level have
highlighted the vulnerability of sensitive information.
In recent weeks, the National Security Agency has come under fresh
scrutiny after a contractor was accused of having hoarded sensitive
information at his home.
(Reporting by Eric Walsh; Editing by Eric Beech and Lisa Shumaker)
[© 2016 Thomson Reuters. All rights
reserved.]
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed. |
