The Washington Post released a story on April 11 claiming that data for 44,000 Federal Deposit Insurance Corp. customers had been breached by an employee on the way out. The breach, which accorded in February, appears to have not been initially reported due to no findings of the data being compromised. FDIC Chairman Martin J. Gruenberg claims that the data was downloaded onto a personal storage device “inadvertently and without malicious intent.” FDIC released a memo assuring victims that their investigation had determined that no important information had been compromised and that it had been legitimately accessed for “bank resolution and receivership purposes.” The breach was committed on February 26, and detected on February 29 when the FDIC tracked downloads back to the employee’s removable device. The employee returned the information the next day and signed an affidavit confirming that the information had not been used in any way.
Chairman of House Science, Space, and Technology Lamar Smith wrote a letter to Gruenberg asking for details on the February breach as well as every other breach suffered by the FDIC since 2009. Smith finds the breach concerning and “wants to ensure that the FDIC is taking appropriate action to mitigate the risks posed by the security incident, as well as any future cybersecurity risks, in accordance with federal information security requirements.”